
Lesson 14 - Using Opaque Tokens - Introspection

Tony Lim 2022. 5. 9. 13:23

Two servers will be built: an authentication server and a resource server.

The first withClient is the real app client, and the second withClient is for the resource server (a fake client, needed to satisfy "isAuthenticated()").

 

 

First, get an access token from the authentication server.

Checking the access token manually -> we don't need to do this, because the resource server is configured to do it through these lines in application.properties:

server.port=9090

security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token

security.oauth2.client.client-id=resourceserver
security.oauth2.client.client-secret=12345

Using the access token -> access the resource server -> the resource server validates the token by delegating the check to the authentication server -> we are now granted access to the resource server.
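The delegation step above, as an added Python example (not code from the original post or from Spring): a stub stands in for the authentication server's /oauth/check_token endpoint, and introspect() plays the resource server, rejecting the token on any error. The token value, user name, response fields and function names are assumptions constructed for illustration; the client id and secret are the ones from application.properties above.

```python
import base64, json, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CLIENT_ID, CLIENT_SECRET = "resourceserver", "12345"  # from application.properties
ISSUED = {"constructed-token-1": {"active": True, "user_name": "john"}}  # constructed sample

def basic(cid, secret):
    """HTTP Basic header the resource server uses to authenticate as a client."""
    return "Basic " + base64.b64encode(f"{cid}:{secret}".encode()).decode()

class StubCheckToken(BaseHTTPRequestHandler):
    """Stand-in for /oauth/check_token; the response shape is an assumption."""
    log_message = lambda self, *a: None  # silence per-request logging
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        token = urllib.parse.parse_qs(body).get("token", [""])[0]
        if self.headers.get("Authorization") != basic(CLIENT_ID, CLIENT_SECRET):
            status, payload = 401, {"error": "unauthorized"}  # caller is not a known client
        elif token in ISSUED:
            status, payload = 200, ISSUED[token]
        else:
            status, payload = 400, {"error": "invalid_token"}
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def introspect(token_info_uri, token, cid, secret):
    """Resource-server side: return the token's claims, or None (fail closed)."""
    req = urllib.request.Request(token_info_uri,
                                 urllib.parse.urlencode({"token": token}).encode(),
                                 {"Authorization": basic(cid, secret)})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
    try:
        with opener.open(req, timeout=5) as resp:
            claims = json.load(resp)
    except (OSError, ValueError):
        return None  # 4xx answer, unreachable server or bad JSON: reject the token
    ok = isinstance(claims, dict) and "error" not in claims and claims.get("active", True) is True
    return claims if ok else None

def demo():
    """Valid token, unknown token, and valid token sent with a wrong client secret."""
    server = HTTPServer(("127.0.0.1", 0), StubCheckToken)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    uri = f"http://127.0.0.1:{server.server_port}/oauth/check_token"
    cases = [("constructed-token-1", CLIENT_SECRET), ("forged", CLIENT_SECRET),
             ("constructed-token-1", "wrong")]
    try:
        return [introspect(uri, token, CLIENT_ID, secret) for token, secret in cases]
    finally:
        server.shutdown(); server.server_close()
```

Only the first case returns claims: an unknown token and a resource server presenting the wrong client secret are both rejected.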

 

 

 

 
