728x90
instead of actually going to Authentication Server to validate access token
resource server just ask database if this access token is there and check if it is same
but sharing database with other service is anti architecture pattern -> not recommended
preferred option is for authorization server to persist tokens and resource server to use introspection to authenticate token
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
we can just user basic JdbcTokenStore given by spring to store access token
728x90
'WEB > Security' 카테고리의 다른 글
| Lesson 17,18 - Using symmetric , asymmetric keys with JWT (0) | 2022.05.11 |
|---|---|
| Lesson 16 - Using non-opaque tokens in Spring Security with JWT (0) | 2022.05.10 |
| Lesson 14 - Using Opaque Tokens - Introspection (0) | 2022.05.09 |
| Lesson 13 - Token implementations in OAuth 2 systems (0) | 2022.05.09 |
| Lesson 12 - Deeply understanding the grant types (0) | 2022.05.06 |