An OAuth 2.1 implementation built on Spring Authorization Server, with a Spring Web based portal for managing clients and scopes.
- /oauth2/authorize
  - Authorization endpoint
  - Redirects to the login page if the user is not authenticated
  - Redirects back to the client application after successful authentication
- /oauth2/token
  - Token endpoint
  - Exchanges an authorization code for an access token
  - Exchanges a refresh token for a new access token
- /oauth2/jwks
  - JSON Web Key Set endpoint
  - Provides the public keys used to verify the issued JWTs
- Authorization Code
- Client Credentials
- Refresh Token
- On-Behalf-Of Token Exchange (Work in Progress)
- Supports OpenID Connect
  - Provides an ID Token
  - Supports the UserInfo endpoint (Work in Progress)
- Authentication
  - Username and password authentication
- Registration
  - User registration
- Register a new application
- Update an application
- Delete an application
- Define scopes owned by the application
- Register a new OAuth client
- Update an OAuth client
- Delete an OAuth client
- Define grants to be consumed by the OAuth client
- Define scopes to be consumed by the OAuth client
- /.well-known/robots.txt
- /.well-known/humans.txt
- /actuator/health
- /actuator/info
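The authorize and token endpoints listed above are exercised from the client side in the following added example; it is not part of this project's code. It builds the request to /oauth2/authorize with a PKCE S256 challenge and a random state (OAuth 2.1 requires PKCE for the authorization code grant), checks the redirect back to the client, and prepares the form bodies for the authorization-code and refresh-token exchanges at /oauth2/token. The issuer URL, client id, client secret and redirect URI are placeholders, and the callback URL used in the test is constructed.

```python
"""Client side of the OAuth 2.1 authorization-code flow with PKCE.

Added example, not part of the project. ISSUER, CLIENT_ID, CLIENT_SECRET
and REDIRECT_URI are placeholders to be replaced with real values.
"""
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

ISSUER = "https://auth.example.test"                 # placeholder
CLIENT_ID = "portal-client"                          # placeholder
CLIENT_SECRET = None                                 # placeholder; None = public client
REDIRECT_URI = "https://app.example.test/callback"   # placeholder


def b64url(data: bytes) -> str:
    """Base64url without padding, as required by RFC 7636 and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """RFC 7636 verifier: 43..128 unreserved chars; 32 random bytes -> 43 chars."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)). Never send the verifier here."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_state() -> str:
    """Unguessable state value, bound to the user's session by the caller."""
    return secrets.token_urlsafe(24)


def build_authorize_url(state: str, verifier: str, scopes=("openid",)) -> str:
    """Front-channel request to /oauth2/authorize (response_type=code only)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,          # must match the registered URI exactly
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/oauth2/authorize?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect; reject state mismatch or error replies."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if query.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: response not bound to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def _token_request(form: dict) -> dict:
    """Prepared back-channel POST to /oauth2/token (not sent yet)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    if CLIENT_SECRET is not None:   # confidential client: client_secret_basic
        cred = f"{CLIENT_ID}:{CLIENT_SECRET}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(cred).decode("ascii")
    return {"url": f"{ISSUER}/oauth2/token", "headers": headers, "form": form}


def build_code_exchange(code: str, verifier: str) -> dict:
    """authorization_code grant: the verifier proves we started this flow."""
    return _token_request({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                           "code_verifier": verifier})


def build_refresh(refresh_token: str) -> dict:
    """refresh_token grant: get a new access token without user interaction."""
    return _token_request({"grant_type": "refresh_token",
                           "refresh_token": refresh_token, "client_id": CLIENT_ID})


def send(prepared: dict) -> dict:
    """POST a prepared token request and return the parsed JSON response."""
    body = urllib.parse.urlencode(prepared["form"]).encode("ascii")
    req = urllib.request.Request(prepared["url"], data=body,
                                 headers=prepared["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:   # network call
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    verifier, state = new_code_verifier(), new_state()
    print("open in browser:", build_authorize_url(state, verifier, ("openid", "profile")))
    # after the redirect: code = parse_callback(url, state); tokens = send(build_code_exchange(code, verifier))
```

The verifier and state are generated per flow and kept server-side in the user's session; the verifier only travels over the back channel in the token request, so a stolen authorization code cannot be redeemed without it.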
The OAuth 2.1 Authorization Framework (currently a draft proposal) is an extension of the OAuth 2.0 authorization framework (RFC 6749).
Also known as the token exchange grant, the On-Behalf-Of grant (RFC 8693) is an extension of OAuth 2.0 used to exchange one token for another on behalf of a user. This is useful where a client application needs to access a resource on behalf of a user but does not hold the user's credentials. Microsoft has one such implementation