[java brains] OAuth2 , Google

oAuth = Authorization between services

only giving other service with limited credential.

once user permit different service to access google OAuth gives a token with limited access authorites written. token is JWT

 

Terminology

Resource Server has burden of security. 

 

flow 1

1. log to photo printing service and say "my picture is in google drive can you access there and fetch my picture and print it?

2. client send request to authrization server

3. authorization server ask resource owner if it is okay to access specific client (print) ? ( list of what client what to do)

4. resource owner says okay 

5. authrization sever gives authorization token 

6. client use this authorization token to get access token from authorization sever

7. clien use access token to access resource server 

8. resource server verify access token with authorization server

9. provides resource to client

 

flow 2 Implicit Flow (less secure) 

1. resource owner make request to client (print app) 

2. client ask authorization sever 

3. authroization server ask resource owner

4. resource owner says okay

5. authrization server sends access token directly 

6. client use access token to access resource server and do its jobs

 

Usecase , flow3

authorization between microservices 

client credential flow = when the client is well trusted 

1. provide certain key (that proves i am microservice 1) to Auth Server. microservice 1 only need to access certain info not all.

2. auth server gives access token ( have limited authorities that microservice1 need )

3. micro1 use access token to micro2 and micro2 gives what micro1 want.

 

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-oauth2-client</artifactId>
</dependency>

you can go google it about facebook or github and make your own app for login 

spring:
  security:
    oauth2:
      client:
        registration:
          facebook:
            client-id: YOUR CLIENT ID GOES HERE
            client-secret: YOUR CLIENT SECRET GOES HERE