Is it possible for the OAuth2 authorization server side to generate an access token that will be fetched by the client side and then transferred back to the server to authorize? The main point is to generate the access token on the OAuth2 authorization server side. Kindly suggest some links on how to do this. I have watched a lot of tutorials, like this GitHub repo from Daily Code Buffer https://github.com/shabbirdwd53/spring-security-tutorial/tree/main/Oauth-authorization-server/src/main/java/com/dailycodebuffer/oauthserver. This will work, but I need the access token from the server side.
CodePudding user response:
Authorization-server (what delivers tokens) is by definition server side, and so is resource-server (REST API secured with access control rules based on the access-token's claims / introspected attributes), but these are usually separate services (served from different sockets / hosts).
You can use whatever OAuth2 authorization-server (or better, its OpenID specialization):
- Spring authorization-server (but requires quite some coding)
- a much more complete / mature solution you can deploy on your dev machine (like Keycloak)
- even online solutions (like Auth0, Amazon Cognito, etc.)
Once you have an authorization-server up and running, configure your Spring API as resource-server. Tutorials there: https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials
Last, use an OAuth2 client lib to handle redirection to and from authorization-server, exchange authorization-code for tokens (access, refresh and ID), etc. The lib(s) to use depend on your client framework(s): Spring has one for Spring clients (UI with Thymeleaf or REST robots or whatever), but there are also client libs for Angular, React, Vue, etc.