Real Time examples for Oauth2 Grant Types and Good document, example for Oauth2 with Spring MVC

spring spring-mvc spring-security oauth-2.0 spring-security-oauth2
Pravinkumar picture Pravinkumar · Nov 21, 2014 · Viewed 19.9k times · Source

I've read about Oauth2 few days before, it has entities like Client, Resource Owner, Resource Server, Authorization Server and i understood the explanations too. but i don't understand the grant type's completely still i got confusion on following types. Oauth2 has 4 different grant types like,

  1. Authorization code
  2. Implict
  3. Resource Owner Password Credentials
  4. Client Credentials

please, give me some real time examples for the above types to differentiate the implementation. I need to know that what are the types of grant implementation spring security oauth2 has and full flow for spring oauth2 with security.

I have gone through some example implemented with oauth2 with spring mvc, spring security. but it's confusing me i don't get clear picture of the api implementation.

I'm looking for good Oauth2 flow and document with Spring mvc and Spring security. please help me.

Answer

Jigish picture Jigish · Nov 21, 2014

In terms of understanding the flows and the differences between them, this presentation is the best resource I found online. After this, if you read the OAuth2 spec description, it'll be much easier to follow.

Unfortunately, in terms of code samples, there isn't good Spring Security OAuth2 sample code out there (the Sparklr and Tonr examples are okay but not super clear). Best resource there is to look at unit tests in Spring Security OAuth2 code on github.

One question I want to ask is - are you looking to create your own OAuth2 Provider or do you just want to connect to Facebook, Google, etc as OAuth2 client. If it's the second part, I would suggest skipping Spring Security OAuth2 and instead look at Spring Social project.

Edit: For creating an OAuth2 Provider, check out this code by Dave Syer (he is the lead of Spring Security OAuth project) . It shows how you can create an OAuth2 Provider and Resource Server in 20 lines of code. This is the easiest way to create Spring Security OAuth code. https://github.com/dsyer/sparklr-boot

It uses Spring Boot and Spring Security OAuth projects. Of course, you'll have to understand Spring Security, JavaConfig configuration and the OAuth2 protocol properly to understand how all of this works.

Related questions

Spring OAuth (OAuth2): How can I get the client credentials in a Spring MVC controller?

In this snippet: @RequestMapping(method = GET) public List<Place> read(Principal principal) { principal.getName(); } principal.getName() gives me the user identification but I need a way to receive the client credentials (client => the app who is using …

Read More
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
How do I get the Session Object in Spring?

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I came up with the following: public class CustomAuthenticationProvider extends …

Read More