WEB/Security

Lesson 15 - Using Opaque Tokens - Blackboarding

Tony Lim 2022. 5. 9. 21:08
728x90

instead of actually going to Authentication Server to validate access token 

resource server just ask database if this access token is there and check if it is same

but sharing database with other service is anti architecture pattern -> not recommended

preferred option is for authorization server to persist tokens and resource server to use introspection to authenticate token

 


@Bean
public TokenStore tokenStore() {
    return new JdbcTokenStore(dataSource);
}

we can just user basic JdbcTokenStore given by spring to store access token

728x90