https://github.com/nasrmohammad4804/oauth-authorizationcode-flow
https://github.com/nasrmohammad4804/oauth-authorizationcode-flow
git jsp keycloak oauth2 springboot
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/nasrmohammad4804/oauth-authorizationcode-flow
- Owner: nasrmohammad4804
- License: mit
- Created: 2022-02-11T19:54:55.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-04-21T11:41:53.000Z (about 4 years ago)
- Last Synced: 2023-03-06T19:53:10.104Z (over 3 years ago)
- Topics: git, jsp, keycloak, oauth2, springboot
- Language: Java
- Homepage:
- Size: 93.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# oauth-authorizationCode-flow with oauth2 and microservice
implement custom oauth-authorizationCode-flow in spring boot and this flow is very seure
for when client id and secret send to authorization server then return authorization code
and we send authorization code and encoding of client id and secret in backend to authorization server
then return token as response and on server side send request to resource server with token
if token is valid and require scope then access to data of resource server
this flow is very secure because for get resource need to token and this token dont transfer on client
then anyone cant access to token but you think with client id and authorization code will get to token and then access to resource
but although client id transer on client layer and server layer and can access then but you dont access to secret
because this key store on server side and cant to access them then when you must send client id and authorization code
and secert then because dont have secret then dont cant to access token and then dont cant to data from resource server