1
votes

In Spring OAuth2 it is possible to separate the Authorization server and the Resource server into separate applications, as stated in: https://github.com/spring-projects/spring-security-oauth/wiki/oAuth2

Seemingly both web applications require these:

  • instance of AuthorizationServerTokenServices
  • instance of ClientDetailsService

QUESTION: Is it so that AuthorizationServerTokenServices from Authorization server must use the same data source as the AuthorizationServerTokenServices from Resource server?

The same question goes for ClientDetailsService.

E.g. when having multiple resource servers and an authorization server, all of them must use the same database for token management, and the same database for client management?

1
What is the question? - OhadR
Sorry, I edited the post to make it more clear. I hope it helped. - user921176

1 Answer

1
votes

The answer is yes. If one is writing one's own resource server and own auth server, they have to share the database.

This question is a duplicate of oAuth2 Token validation/verification in Spring

There is another thread with similar topic confirming the answer: validate OAuth 2.0 access token from a Spring RESTful resource server
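
The shared-database setup the answer describes, shown with the Java configuration API of spring-security-oauth2 (an added example, not code from the question or the answer). The class names, the `orders-api` resource id and the `DataSource` bean are assumptions: each application is assumed to define a `DataSource` that points at the same database.

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

// Lives in the authorization server application (hypothetical class name).
@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired private DataSource dataSource; // assumed bean: the shared database

    @Bean
    public TokenStore tokenStore() { return new JdbcTokenStore(dataSource); }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource); // ClientDetailsService backed by the shared database
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore()); // issued tokens are written here
    }
}

// Lives in each resource server application (hypothetical class name).
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired private DataSource dataSource; // assumed bean: same database as above

    @Bean
    public TokenStore tokenStore() { return new JdbcTokenStore(dataSource); }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Incoming bearer tokens are looked up in the store the auth server writes to.
        resources.resourceId("orders-api").tokenStore(tokenStore()); // assumed resource id
    }
}
```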