As we know the Spring Security OAuth 2.0 project has bee depreciated and now it's Spring Security 5.
My question is related with Authorisation Server for grant_type: authorization_code. Spring team is also working on standalone project for Authorization Server. So most of the codebase in Spring Security project is depreciated for Authorization Server.
Still, I've couple of questions for endpoints with authorization_code flow in Spring Security 2.0/5.
OAuth 2.0:
Can you please let me know, which endpoints are supported for below use cases in Authorization Flow:
Login Button: ask the customised authorization url from
Authorization Server.User logged-in: once end-user logged-in (authenticate), need to
authorisewith registered client application and provide thecodein the callback URI.Request For Access Token: once the
codehas been received in previous step, it should use thecodeto get theaccess token.
Please let me know which endpoints are meant to be used in Spring Security OAuth 2.0/5 for above use cases. Based on my research, I've found these endpoints:
- /oauth/token: get the access token
- /oauth/token_key: produces JWT encoded token values
- /oauth/check_token: validate the access token
Can you please let me know which endpoint dedicated for authorisation before end-user authenticate in use case #1. And after end-user authentication in use case #2.
Any help would be appreciated.
Many Thanks, Adnan
