1. Introduction to Spring Security
2. Core Architectural Components
3. Authentication Mechanisms
4. Authorization and Access Control
5. Web Security Configuration
6. OAuth 2.0 and OpenID Connect (OIDC)
7. Advanced Topics and Integrations
8. Customization and Extensibility
OAuth 2.0 and OpenID Connect (OIDC)
- Core OAuth 2.0 Concepts
  - Roles
    - Resource Owner
    - Client
    - Authorization Server
    - Resource Server
  - Grant Types
    - Authorization Code
      - Flow Overview
      - Security Considerations
      - PKCE Extension
    - Client Credentials
      - Use Cases
      - Flow Overview
    - Implicit (Deprecated)
      - Deprecation Reasons
      - Security Risks
    - Resource Owner Password Credentials (Deprecated)
      - Use Cases
      - Deprecation Reasons
  - Tokens
    - Access Tokens
    - Refresh Tokens
    - Token Scopes
    - Token Expiration
- Building an OAuth 2.0 Client
  - Configuration with `oauth2Login()`
    - Registering OAuth Providers
    - Client Registration Properties
      - Client ID
      - Client Secret
      - Authorization URI
      - Token URI
      - User Info URI
      - Redirect URI
  - Handling User Information
    - UserInfo Endpoint
    - Mapping User Attributes
    - Custom User Attributes
  - Customizing Client Behavior
    - Custom OAuth2UserService
    - Custom OidcUserService
    - Custom Authentication Success Handler
    - Custom Authentication Failure Handler
    - Custom Authorization Request Resolver
- Building an OAuth 2.0 Resource Server
  - Configuration with `oauth2ResourceServer()`
    - JWT Support
    - Opaque Token Support
  - Token Validation Strategies
    - JWT (JSON Web Token)
      - Structure and Claims
        - Header Claims
        - Payload Claims
      - Signature Verification
      - JWT Decoder Configuration
    - Opaque Token Introspection
      - Introspection Endpoint
      - Token Validation Process
      - Introspection Client Configuration
  - Extracting Authorities from Tokens
    - Mapping JWT Claims to Authorities
    - Custom Authority Extraction
    - Scope-Based Authorities
    - Custom JWT Authentication Converter
- Building an OAuth 2.0 Authorization Server
  - Spring Authorization Server Project
    - Overview and Capabilities
    - Migration from Legacy Authorization Server
  - Configuration and Endpoints
    - Authorization Endpoint
    - Token Endpoint
    - Token Revocation Endpoint
    - Token Introspection Endpoint
    - JWK Set Endpoint
  - Client Management
    - Registered Client Configuration
    - Client Authentication Methods
    - Client Authorization Grant Types
  - Token Customization
    - Custom Token Generator
    - Custom Claims
    - Token Format Configuration
- OpenID Connect (OIDC) 1.0 Support
  - OIDC Core Concepts
    - ID Token
    - UserInfo Endpoint
    - Discovery Endpoint
    - OIDC Scopes
  - Integration with `oauth2Login()`
    - OIDC-Specific Configuration
    - Handling OIDC Claims
    - ID Token Validation
  - OIDC Provider Configuration
    - Discovery Document
    - Provider Metadata
    - Custom Provider Configuration