|
34 | 34 | * Complete separation of the library and the client
|
35 | 35 | * Library : API
|
36 | 36 | * Client : DOC, Integration tester
|
| 37 | +* Extensible: Supports multiple authorization servers and resource servers with this library. |
| 38 | +* Hybrid Resource Servers Token Verification Methods: Support for multiple verification approaches, including API calls to the authorization server, direct database validation, and local JWT decoding. |
37 | 39 | * Immediate Permission (Authority) Check: Not limited to verifying the token itself, but also ensuring real-time validation of any updates to permissions in the database.
|
38 |
| -* Token Introspector: Enable the ``/oauth2/introspect`` endpoint to allow multiple resource servers to verify the token's validity and permissions with the authorization server. |
39 |
| -* Hybrid Token Verification Methods: Support for multiple verification approaches, including API calls to the authorization server, direct database validation, and local JWT decoding. |
40 |
| -* Set up the same access & refresh token APIs on both ``/oauth2/token`` and on our controller layer such as ``/api/v1/traditional-oauth/token``, both of which function same and have `the same request & response payloads for success and errors`. (However, ``/oauth2/token`` is the standard that "spring-authorization-server" provides.) |
41 |
| - * As you are aware, the API ``/oauth2/token`` is what "spring-authorization-server" provides. |
42 |
| - * ``/api/v1/traditional-oauth/token`` is what this library implemented directly. |
43 |
| - * Success Payload |
44 |
| - ```json |
45 |
| - { |
46 |
| - "access_token" : "Vd4x8D4lDg7VBFh...", |
47 |
| - "token_type" : "Bearer", |
48 |
| - "refresh_token" : "m3UgLrvPtXKdy7jiD...", |
49 |
| - "expires_in" : 3469, |
50 |
| - "scope" : "read write" |
51 |
| - } |
52 |
| - ``` |
53 |
| - |
54 |
| - * Error Payload (Customizable) |
55 |
| - ```json |
56 |
| - { |
57 |
| - "timestamp": 1719470948370, |
58 |
| - "message": "Couldn't find the client ID : client_admin", // Sensitive info such as being thrown from StackTraces |
59 |
| - "details": "uri=/oauth2/token", |
60 |
| - "userMessage": "Authentication failed. Please check your credentials.", |
61 |
| - "userValidationMessage": null |
62 |
| - } |
63 |
| - ``` |
64 |
| - |
65 |
| - * In the following error payload, the 'message' shouldn't be exposed to clients; instead, the 'userMessage' should be. |
66 |
| - |
| 40 | + |
67 | 41 | * Authentication management based on a combination of username, client ID, and App-Token
|
68 | 42 | * What is an App-Token? An App-Token is a new access token generated each time the same account logs in. If the token values are the same, the same access token is shared.
|
69 | 43 |
|
|
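Review bot: the removed `Token Introspector` bullet was the only mention of the `/oauth2/introspect` endpoint, and its replacement, `Hybrid Resource Servers Token Verification Methods` (new line 38), only says "API calls to the authorization server". If introspection is still supported, keep the endpoint name in the new bullet so a resource-server integrator knows which endpoint to call and that it must be enabled; if it was dropped, say so, because several resource servers validating tokens against one authorization server is exactly the deployment the new `Extensible` bullet (new line 37) advertises. That `Extensible` bullet is also too vague to act on: "Supports multiple authorization servers and resource servers with this library" should state what is meant (several issuers trusted by one resource server, several resource servers sharing one authorization server, or both) and drop the trailing "with this library".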
84 | 58 |
|
85 | 59 |
|
86 | 60 | * Separated UserDetails implementation for Admin and Customer roles as an example. (This can be extended such as Admin, Customer, Seller and Buyer... by implementing ``UserDetailsServiceFactory``)
|
87 |
| -* For versions greater than or equal to v3, including the latest version (Spring Security 6), provide MySQL DDL, which consists of ``oauth2_authorization`` and ``oauth2_registered_client``. |
| 61 | +* Set up the same access & refresh token APIs on both ``/oauth2/token`` and on our controller layer such as ``/api/v1/traditional-oauth/token``, both of which function same and have `the same request & response payloads for success and errors`. (However, ``/oauth2/token`` is the standard that "spring-authorization-server" provides.) |
| 62 | + * As you are aware, the API ``/oauth2/token`` is what "spring-authorization-server" provides. |
| 63 | + * ``/api/v1/traditional-oauth/token`` is what this library implemented directly. |
| 64 | + * Success Payload |
| 65 | + ```json |
| 66 | + { |
| 67 | + "access_token" : "Vd4x8D4lDg7VBFh...", |
| 68 | + "token_type" : "Bearer", |
| 69 | + "refresh_token" : "m3UgLrvPtXKdy7jiD...", |
| 70 | + "expires_in" : 3469, |
| 71 | + "scope" : "read write" |
| 72 | + } |
| 73 | + ``` |
| 74 | + |
| 75 | + * Error Payload (Customizable) |
| 76 | + ```json |
| 77 | + { |
| 78 | + "timestamp": 1719470948370, |
| 79 | + "message": "Couldn't find the client ID : client_admin", // Sensitive info such as being thrown from StackTraces |
| 80 | + "details": "uri=/oauth2/token", |
| 81 | + "userMessage": "Authentication failed. Please check your credentials.", |
| 82 | + "userValidationMessage": null |
| 83 | + } |
| 84 | + ``` |
| 85 | + |
| 86 | + * In the following error payload, the 'message' shouldn't be exposed to clients; instead, the 'userMessage' should be. |
| 87 | + |
88 | 88 | * Application of Spring Rest Docs, Postman payloads provided
|
89 | 89 |
|
90 | 90 | ## Dependencies
|
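Review bot: the moved token-API block (new lines 61-87) still shows `"message": "Couldn't find the client ID : client_admin"` as the error response and then says "In the following error payload" although the payload sits above that sentence; more importantly, that message tells an unauthenticated caller that a given client ID does not exist, which lets client IDs be enumerated, and the text only says the field "shouldn't be exposed" without saying whether the library omits it by default or the integrator must do so. Suggest changing "following" to "preceding", stating explicitly whether `message` is stripped from the HTTP response out of the box (and under which setting it is returned, if any), and using a `userMessage`-only example such as `"message": null` so the README does not present an unknown-client message as the response shape. The `// Sensitive info such as being thrown from StackTraces` comment also makes the fenced `json` block invalid JSON; move that remark into the bullet text. Separately, the removed line 87 (`For versions greater than or equal to v3 ... provide MySQL DDL, which consists of oauth2_authorization and oauth2_registered_client`) has no replacement in this hunk: it was the only place the README named the tables the library expects, so if the DDL is still shipped keep a pointer to it, and if it was dropped note that as a breaking change for existing deployments.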