Java Spring Security with OpenId Provider

Question

I have a spring MVC application.Another client application want access my spring app using open id connect. How to implement open id provider in server side.Please help.

I only found the word 'spring' there once and its in Java: http://kit.mit.edu/projects/mitreid-connect — Itai Bar-Haim, May 02 '16 at 07:46
Sorry, not that I know of. Did you Google for it? In your original question you did not show any sign for research, which is very appreciated and looked for in StackOverflow. — Itai Bar-Haim, May 02 '16 at 08:15
In that case you should tell us where you looked and what you've tried. http://stackoverflow.com/help/how-to-ask — Itai Bar-Haim, May 02 '16 at 08:20

score 2 · Accepted Answer · answered May 05 '16 at 18:19

MITREid Connect OpenID-Connect-Java-Spring-Server is an OpenID Connect implementation on the Spring platform.

I'm afraid that Spring Security OAuth project won't be able to support OpenID Connect because it will require big changes in design. See Issue 619, for example.

In general, a typical OAuth 2.0 server implementation assumes that a value of response_type parameter contained in an authorization request is either code or token (although RFC 6749 mentions the possibility that the parameter may take multiple values at a time). However, OpenID Connect Core 1.0 and OAuth 2.0 Multiple Response Type Encoding Practices have invalidated the assumption explicitly. Now, response_type parameter can be any combination of code, token and id_token, or none. This has a big impact on existing OAuth 2.0 server implementations. Personally, as a matter of fact, I once discarded my OAuth 2.0 server implementation and rewrote it from scratch to support OpenID Connect.

[Spring Security 5.0](https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2login) now supports OpenID Connect — David Avendasora, Dec 20 '17 at 20:24

Java Spring Security with OpenId Provider

1 Answers1

Linked