  • OAuth2 token validation

    I am new to OAuth2 in Spring, some concepts are unclear to me. I hope someone could help.
    • I was wondering how the Resource server can validate a token in a given request?
    • Is it so that Resource server and Authorization server must share the same data source for Token and Client management?
    Perhaps someone could correct this flow, in case of grant type "Authorization code"?
    First of all, I assume that Resource server and Authorization server must share the same database for token storage (used by AuthorizationServerTokenServices)

    1. Once the token is created at Authorization server, oauth_access_token table row is populated, with columns such as
    • "user_name" (user that was just authenticated),
    • "token" (blob),
    • "client_id"
    • "authentication blob" created from Authentication object for the user
    2. Client receives the token from Authorization server

    3. Client makes request to Resource server with the token

    4. The Resource server looks into the same database which was used by Auth server, and looks for authentication blob based on token, then creates Authentication object

    5. If Authentication object matches access permissions defined for the url in the request, all clear, client receives some OK reply.
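
The flow in the post, as an added example that is not part of the original post: the two Spring Security OAuth2 (spring-security-oauth2 2.x) configuration classes that wire the Authorization server and the Resource server to the same `oauth_access_token` table through `JdbcTokenStore`. The bean name `oauthDataSource`, the URL patterns and the scope names are assumptions for illustration; the class and method names are the library's own.

```java
// Added example, not code from the original post. Assumes a DataSource bean
// named `oauthDataSource` (hypothetical name) that points at the database
// holding the stock spring-security-oauth2 schema (oauth_access_token,
// oauth_client_details, ...). In a real project each class is its own file.

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

// ---- Authorization server: issues tokens and writes them to the shared table ----
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource oauthDataSource;          // assumed bean, shared with the resource server

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public TokenStore tokenStore() {
        // Step 1 of the post: JdbcTokenStore inserts a row into oauth_access_token
        // with token_id (MD5 of the token value), token (serialized OAuth2AccessToken),
        // user_name, client_id and authentication (serialized OAuth2Authentication).
        return new JdbcTokenStore(oauthDataSource);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Client registrations are read from oauth_client_details in the same database.
        clients.jdbc(oauthDataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore())
                 .authenticationManager(authenticationManager);
    }
}

// ---- Resource server: validates bearer tokens by reading the same table ----
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private DataSource oauthDataSource;          // same assumed bean as above

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Step 4 of the post: for each request the bearer token from the
        // Authorization header is hashed to token_id, the row is loaded and the
        // `authentication` blob is deserialized back into an OAuth2Authentication.
        // No row, or an expired token, results in a 401 before any controller runs.
        resources.tokenStore(new JdbcTokenStore(oauthDataSource));
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Step 5 of the post: the rebuilt authentication is checked against the
        // access rules for the requested URL (scope names are assumptions here).
        http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')")
            .antMatchers("/api/**").access("#oauth2.hasScope('write')")
            .anyRequest().authenticated();
    }
}
```

Two points a practitioner should keep in mind with this setup. First, the shared database is the trust boundary: anyone who can read `oauth_access_token` holds every live token, and the `authentication` column is Java-serialized data that the resource server deserializes on every request, so write access to that table must be limited to the two servers. Second, sharing the database is only one of the options the library offers; a resource server can instead use `RemoteTokenServices` to ask the authorization server's `/oauth/check_token` endpoint, or a `JwtTokenStore` so that signed, self-contained tokens need no lookup at all.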