0

I am working on a Spring Boot application where existing user authentication is based on Oauth2 with 2FA. Now, I would like to call the APIs in my application from the third-party client as well, say from another service.

Basically, I would like to develop one auth API, where on providing a valid client name, valid API key, and API secret, the client will get an auth token, which will be valid for say 1 hour. Then this auth token can be passed in all successive API invocation until the token gets expired.

I found a few articles here:

a. Securing Spring Boot API with API key and secret

b. How to secure spring Boot API with API key and secret

c. how to implement api key secure in spring boot?

d. How to config multiple level authentication for spring boot RESTful web service?

But, I am not getting any concrete idea regarding, how to achieve this.

Could you please suggest how can I achieve this? Thanks

Joy
  • 4,197
  • 14
  • 61
  • 131
  • for starters, better for you to learn the implementation of OAuth security with spring boot. Then you can go for 2FA and other stuff after you figure out the basics. I would suggest you to look into some tutorials.. there are bunch of tutorials in youtube as well. – Natsu Nov 27 '21 at 03:43
  • @Natsu Sorry for the confusion. Actually, in my application, the authentication based on 2FA is already there. In addition to this, I would like to add API authentication based on API key and API secret as I mentioned in the OP. – Joy Nov 27 '21 at 04:21

0 Answers0