4

I'm looking to find a tool that will do the authentication (and authorization) part of the project. For the project, I will be using Spring Boot and Java 8. I will be working with OAuth 2.0, the flow for an untrusted client (web application) and a trusted client (another server).

I was looking at Keycloak and Spring Authorization Server.

But it's unclear what all the possibilities are with the Spring Authorization Server.

Like with Keycloak you have single sign on, identity brokering, social login, user federation, admin console, account management console, standard protocols etc.

Is this also possible with Spring Authorization Server, or what are the possibilities of Spring Authorization Server?

Steve Riesenberg
JMag

2 Answers

5

We're working on reference documentation which will include a feature list. In the meantime, see the feature list on the GitHub wiki for the project.

From this PR, a possible short overview/answer to your question would be:

Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.


Update: The reference documentation is now available and contains an Overview page with this information.

Steve Riesenberg
1

You can make a custom OAuth resource server implementation or use the SAML standard. Also, you can implement access by JWT token, which suits an API-only service well. You can also use "Basic Authentication", but it's too simple for a mature application.

Alex
  • So if I understood you correctly, Spring Authorization Server doesn't have SSO or any of that already embedded. If I would like to have that, I would have to custom-make it myself. Is that correct? – JMag Apr 25 '22 at 15:38
  • True. You can create your own OAuth Authorization Server spring-boot service using the `spring-security-oauth2-authorization-server` dependency, or you can use Keycloak as a ready-to-go solution. – Alex Apr 25 '22 at 16:24
  • @JMag, I'm not sure why this answer is accepted, but see [the answer below](https://stackoverflow.com/a/72005052/15835039) for a bit more information. – Steve Riesenberg Apr 25 '22 at 19:52
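
The two client types from the question (an untrusted web application and a trusted server), registered with Spring Authorization Server, as an added example that is not part of the original posts or the project's own code. It assumes the Java 8 compatible 0.2.x/0.3.x releases (later releases keep `ClientSettings` in the `...authorization.settings` package); the client ids, redirect URI, scope names and the `backend.client-secret` property are constructed for illustration. A complete server also needs the authorization server security filter chain and signing keys, which are not shown here.

```java
// Added example, not the project's own code. Imports match Spring Authorization
// Server 0.2.x/0.3.x (Java 8); client ids, URIs and scope names are constructed.
import java.util.UUID;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ClientSettings;

@Configuration
public class ClientRegistrationConfig {
    @Bean
    public RegisteredClientRepository registeredClientRepository(
            @Value("${backend.client-secret}") String backendSecret) { // hypothetical property
        // Untrusted (public) client: cannot keep a secret, so it gets none.
        // Authorization code only, exact redirect URI, PKCE and consent enforced.
        RegisteredClient webApp = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("web-app")
                .clientAuthenticationMethod(ClientAuthenticationMethod.NONE)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("https://app.example.com/callback")
                .scope(OidcScopes.OPENID)
                .scope("orders.read")
                .clientSettings(ClientSettings.builder()
                        .requireProofKey(true)
                        .requireAuthorizationConsent(true)
                        .build())
                .build();

        // Trusted (confidential) client: another server authenticating with its
        // own secret. Client credentials only, no redirect URI, no user involved.
        RegisteredClient backend = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("backend-service")
                .clientSecret(PasswordEncoderFactories.createDelegatingPasswordEncoder()
                        .encode(backendSecret))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("orders.write")
                .build();
        return new InMemoryRegisteredClientRepository(webApp, backend);
    }
}
```

Keeping the grant types disjoint means a leaked public client id cannot be used for client credentials, and the backend's secret is never usable in a browser redirect flow.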