Just as UserDetailsService exists for loading user credentials,
the client has ClientDetailsService for loading client credentials.
To validate the user we have UserDetailsService;
for client authentication
Notice we are using a TokenStore with a converter -> we are storing an access token made of JWT.
If we don't specify a TokenStore, then just like in the previous lecture Spring Security will use the default opaque token.
Notice we are using our custom JpaClientDetailService to store client credentials -> later, when the client requests an access token, we will compare by loading them with the cds method.
It is recommended to separate the Entity from ClientDetails.
To check a non-opaque token (in this case JWT),
both servers need to have the same key:
the Authentication Server encodes with the key and makes the JWT;
the Resource Server validates the JWT with the key.