Using Spring Authorization Server
In the past, I’ve used Keycloak as the security service. The API gateway used an OAuth password grant type to authenticate the client’s credentials with Keycloak and obtain a JWT. The backend services obtained the public key from Keycloak via its JWKS endpoint.
But for a recent project, I decided to use Spring Authorization Server. However, I ran into a problem: Spring Authorization Server doesn’t support the password grant type. That’s because the password grant type is removed from the OAuth 2.1 specification. It’s considered insecure because it requires the application to handle the human user’s credentials, which defeats the purpose of OAuth.
Adding password grant type to Spring Authorization Server
While password grant is insecure for human users, it still seemed a good fit for my API gateway scenario. After all, the API gateway is part of the application that issued the client’s credentials. Consequently, I decided to add the password grant type to Spring Authorization Server. A quick Google search turned up a code sample on StackOverflow that I was able to adapt to a new version of Spring Authorization Server.
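To make the extension point concrete, here is an added sketch of the request-parsing half of a custom password grant; it is not the author's code or the StackOverflow sample. The class names `PasswordGrantAuthenticationConverter` and `PasswordGrantAuthenticationToken` are hypothetical, and a recent Spring Authorization Server release on the `jakarta.servlet` API is assumed.

```java
import jakarta.servlet.http.HttpServletRequest;
import java.util.Map;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;

/** Hypothetical converter: maps a grant_type=password token request to an Authentication. */
public final class PasswordGrantAuthenticationConverter implements AuthenticationConverter {
    static final AuthorizationGrantType PASSWORD = new AuthorizationGrantType("password");

    @Override
    public Authentication convert(HttpServletRequest request) {
        if (!PASSWORD.getValue().equals(request.getParameter(OAuth2ParameterNames.GRANT_TYPE))) {
            return null; // not this grant type; the token endpoint tries the next converter
        }
        // The calling client (here, the API gateway) has already been authenticated upstream.
        Authentication client = SecurityContextHolder.getContext().getAuthentication();
        return new PasswordGrantAuthenticationToken(client,
                exactlyOne(request, OAuth2ParameterNames.USERNAME),
                exactlyOne(request, OAuth2ParameterNames.PASSWORD));
    }

    // Reject missing, blank or repeated parameters instead of silently picking one value.
    private static String exactlyOne(HttpServletRequest request, String name) {
        String[] values = request.getParameterValues(name);
        if (values == null || values.length != 1 || values[0].isBlank()) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
        }
        return values[0];
    }
}

/** Hypothetical token type that carries the submitted credentials to a matching provider. */
final class PasswordGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
    private final String username;
    private String password;

    PasswordGrantAuthenticationToken(Authentication client, String username, String password) {
        super(PasswordGrantAuthenticationConverter.PASSWORD, client, Map.of());
        this.username = username; this.password = password;
    }
    String getUsername() { return username; }
    String getPassword() { return password; }
    @Override public void eraseCredentials() { super.eraseCredentials(); password = null; }
}
```

A matching `AuthenticationProvider` (not shown) still has to verify the credentials and issue the access token; both pieces are registered on the token endpoint configurer via `accessTokenRequestConverter` and `authenticationProvider`.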