I'm looking to find a tool that will do the authentication (and authorization) part of the project. For the project, I will be using spring boot and java 8. I will be working with OAuth2.0, the flow for untrusted client(web-applictation) and trusted client(another server)

I was looking at Keycloak and Spring Authorization Server.

But it's unclear what are all the possibilities with the Spring Authorization Server.

Like with Keycloak you have single sign on, identity brokering, social login, user federation, admin console, account management console, standard protocols etc.

Is this also possible with Spring Authorization Server, or what are the possibilities of Spring Authorization Server?

CodePudding user response：

You can make custom OAuth resource server implementation or use the SAML standard. Also, you can implement access by JWT token, which suites well for API-only service. You can use also "Basic Authentication", but it's too simple for a mature applications.

CodePudding user response：

We're working on reference documentation which will include a feature list. In the meantime, see feature list on the GitHub wiki for the project.

From this PR, a possible short overview/answer to your question would be:

Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security to provide a secure, light-weight, and customizable foundation for building identity providers and authorization server products.