oauth tokens | The Blog Pros

October 10, 2019

Deep Dive Into OAuth2.0 and JWT (Part 2 OAuth2.0)

In the previous article, we introduced Authentication and Authorization. In this article, let us have a look at one of the most commonly used implementation, i.e. OAuth2.0.

Introduction

In the traditional client-server authentication model, the client requests protected resources on the server by authenticating with the server using the resource owner's credentials. To provide third-party applications access to restricted resources, the resource owner shares its credentials with the third party. This sharing of credential can create several problems and limitations, some of which are listed below.

February 14, 2019

Spring Boot and OAuth2: Getting the Authorization Code

In the previous tutorial, we focused on an overview of OAuth and how to implement it. In this tutorial, we will be looking at how to use the authorization code grant.

To do this, we will be implementing the Client Application and Resource Server. The flow we will be implemented as follows:

January 11, 2019

OAuth2 Tips: Token Validation

Bearer Token Types

There are two types of OAuth2 bearer tokens:

General Token that represents a string that has no meaning for the client (e.g., 2YotnFZFEjr1zCsicMWpAA). That type of bearer token cannot be validated by the Resource Server without direct communication with an Authorization Server.
JWT Token represents the JSON object with statements (claims) about the user and token. The JWT token contains three separate parts: header, payload, and signature — each of them are base64-encoded for transferring. JWT tokens are not a part of core OAuth2 specification but mandatory for use with OpenID Connect. JWT token is the most popular way to exchange information about current authentication between microservices. More details can be found here.

Token Validation Methods

OAuth2 tokens can be validated using the following methods: