0
votes

I have 2 web applications:

  1. Resource Server (@EnableResourceServer)
  2. auth app (@EnableAuthorizationServer)

They are mapped to one database.

I would like to split database for 2: one for client app and the second one for tokens.

Question: How should the client app be configured correctly with OAuth?

My current flow:

  • Resource Server gets a request with a token
  • Spring Security checks the token in the database

Maybe the best flow is to isolate the auth app and its database, and the flow should be something like this:

  • Resource Server gets a request with a token
  • Resource Server makes a request to the auth web app (OAuth Server) to verify the token
  • auth app (OAuth Server): Spring Security checks the token in the database

?

Let me know if I misunderstand any point about oauth. Thanks.


1 Answer

1
votes

If you want to use the auth server for checking tokens you need a RemoteTokenServices (or the equivalent). If the server is a Spring OAuth server (using @EnableAuthorizationServer) there should be a /check_token endpoint.

N.B. It might be a good idea to read the spec and get the terminology straight (your "client app" is a "resource server").
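As an added example (not code from the question or the answer), here is how the split the question asks for looks with the Spring Security OAuth classes the answer names: the resource server holds no token tables and delegates every token check to the auth server's `/oauth/check_token` endpoint through a `RemoteTokenServices`, while the auth server keeps the tokens in its own `JdbcTokenStore` database and restricts `/oauth/check_token` to authenticated clients. The URL `https://auth.example.internal`, the client id `resource-server`, the `RESOURCE_SERVER_SECRET` environment variable, the `api` resource id and the `tokenDataSource` bean are assumptions for illustration; the `{noop}` prefix on the secret is what Spring Security 5's default password encoder expects, and a real deployment would store a hashed secret instead.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

/*
 * Resource server application: has NO access to the token database.
 * Every bearer token it receives is sent to the auth server's
 * /oauth/check_token endpoint, and the response decides whether the
 * request is authenticated and with which scopes.
 */
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Bean
    public RemoteTokenServices remoteTokenServices() {
        RemoteTokenServices services = new RemoteTokenServices();
        // Assumed internal auth server URL; use TLS so the token is not sent in clear.
        services.setCheckTokenEndpointUrl("https://auth.example.internal/oauth/check_token");
        // This resource server authenticates to /oauth/check_token with its own
        // client credentials (HTTP Basic), so unauthenticated callers cannot
        // use the endpoint to probe tokens. Secret comes from the environment.
        services.setClientId("resource-server");
        services.setClientSecret(System.getenv("RESOURCE_SERVER_SECRET"));
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // The resource id must appear in the token's "aud" for the token to be accepted here.
        resources.resourceId("api").tokenServices(remoteTokenServices());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
    }
}

/*
 * Authorization server application: the only component that talks to the
 * token database (assumed "tokenDataSource" bean, separate from any other
 * application database; it needs the oauth_access_token / oauth_refresh_token
 * schema that JdbcTokenStore expects).
 */
@Configuration
@EnableAuthorizationServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource tokenDataSource;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Register the resource server as a client so it can call /oauth/check_token.
        // It only needs client_credentials: it never obtains user tokens itself.
        clients.inMemory()
                .withClient("resource-server")
                .secret("{noop}" + System.getenv("RESOURCE_SERVER_SECRET"))
                .authorizedGrantTypes("client_credentials")
                .scopes("check");
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // Default access to /oauth/check_token is denyAll(); open it only to
        // authenticated clients, never to permitAll().
        security.checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(new JdbcTokenStore(tokenDataSource))
                 .authenticationManager(authenticationManager);
    }
}
```

With this layout the resource server's database holds only application data, and the token tables live with the auth server, which is the isolation the question is after. The cost is one HTTPS call to the auth server per incoming request, so the `/oauth/check_token` endpoint and the auth server's availability become part of the resource server's request path; keep the client secret out of source control and leave `checkTokenAccess` on `isAuthenticated()` so only registered clients can validate tokens.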