user2266 Published in March 20, 2018, 5:36 am

I want to secure my Spring RESTful backend. One way (the right one?) is to use OAuth 2.0, like shown here:


Within my architecture the resource server and authorization server ARE NOT the same entity. I really just provide some JSON REST services. No UI. If I read the OAuth2 RFC, it just says:

The interaction between the authorization server and resource server is beyond the scope of this specification. The authorization server may be the same server as the resource server or a separate entity. A single authorization server may issue access tokens accepted by multiple resource servers.

I found a good diagram on cloudfoundry.com (related to the above YouTube video) which I'm using to illustrate my view:

"token" provider: This could/should be Google or Facebook, for example.

RESTful backend: This is actually my code. Spring RESTful services like:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyResourceToProtect {

    @Autowired
    private MyService service; // MyService is a placeholder for the real business service

    @RequestMapping(value = "/resource/delete/{name}",
                    method = RequestMethod.DELETE,
                    consumes = MediaType.APPLICATION_JSON_VALUE,
                    headers = "Content-Type=application/json")
    public void delete(@PathVariable("name") String name) {
        service.delete(name); // delegate to the service layer; the token check happens before this runs
    }
}

(This is just some sample code)

Now my question: Is it somehow possible to validate the access tokens which are generated by the AuthServer (Facebook, Google)? I know that I need to have a "token to user" mapping (database) somewhere on my ResourceServer. Basically I'd like to design my RESTful API like the one from PayPal:


But how can I handle the steps 1 & 2 if I want to use Facebook or Google as auth providers? Is this even possible?

Additional thought: Probably I need to provide my own /oauth2/token endpoint and then delegate to the underlying AuthProvider.
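The following is an added example, not code from the question or from Spring's own OAuth2 support, showing the shape of what a separate resource server has to do with a token it did not issue: it reads the Bearer token from the request, asks the authorization server whether that token is still valid (the RFC 7662 token introspection request/response format is used here), keeps a local "token to user" cache so the round trip is not repeated on every call, and rejects anything that is inactive, expired or issued for a different audience. The introspection URL, the resource server's client id/secret and the `oauth2.subject` request attribute are assumptions; Google and Facebook do not expose an RFC 7662 endpoint under these names (Google has a tokeninfo endpoint and Facebook a debug_token endpoint with different response fields), so `introspect()` is the part that would be adapted per provider.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

/** Rejects requests whose Bearer token the authorization server does not confirm as active. */
public class IntrospectingBearerTokenFilter extends OncePerRequestFilter {

    // Assumption: the auth provider exposes an RFC 7662 token introspection endpoint here.
    private static final String INTROSPECTION_URL = "https://auth.example.com/oauth2/introspect";
    // Assumption: credentials this resource server uses to authenticate to the auth server.
    private static final String RESOURCE_SERVER_ID = "my-resource-server";
    private static final String RESOURCE_SERVER_SECRET = "change-me-placeholder";

    private final RestTemplate rest = new RestTemplate();
    // Local "token -> user" mapping; an entry is trusted only until the token's own expiry.
    private final Map<String, CachedPrincipal> cache = new ConcurrentHashMap<>();

    private static final class CachedPrincipal {
        final String subject;
        final Instant expiresAt;
        CachedPrincipal(String subject, Instant expiresAt) { this.subject = subject; this.expiresAt = expiresAt; }
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.startsWith("Bearer ")) {
            reject(res, "Bearer");
            return;
        }
        String token = header.substring("Bearer ".length()).trim();
        CachedPrincipal principal = cache.get(token);
        if (principal == null || !principal.expiresAt.isAfter(Instant.now())) {
            principal = introspect(token);
            if (principal == null) {
                cache.remove(token); // never keep serving a token the auth server no longer vouches for
                reject(res, "Bearer error=\"invalid_token\"");
                return;
            }
            cache.put(token, principal);
        }
        // Controllers can read the authenticated user from this attribute (assumed name).
        req.setAttribute("oauth2.subject", principal.subject);
        chain.doFilter(req, res);
    }

    private static void reject(HttpServletResponse res, String challenge) throws IOException {
        res.setHeader(HttpHeaders.WWW_AUTHENTICATE, challenge);
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Asks the auth server about the token; returns null unless it is active, unexpired and meant for us. */
    @SuppressWarnings("unchecked")
    private CachedPrincipal introspect(String token) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        String basic = RESOURCE_SERVER_ID + ":" + RESOURCE_SERVER_SECRET;
        headers.set(HttpHeaders.AUTHORIZATION,
                "Basic " + Base64.getEncoder().encodeToString(basic.getBytes(StandardCharsets.UTF_8)));
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("token", token);
        Map<String, Object> body;
        try {
            body = rest.postForObject(INTROSPECTION_URL, new HttpEntity<>(form, headers), Map.class);
        } catch (RuntimeException e) {
            return null; // an unreachable or erroring auth server means "not valid", never "assume valid"
        }
        if (body == null || !Boolean.TRUE.equals(body.get("active"))) return null;
        Object exp = body.get("exp");
        if (!(exp instanceof Number)) return null; // refuse tokens without a usable expiry
        Instant expiresAt = Instant.ofEpochSecond(((Number) exp).longValue());
        if (!expiresAt.isAfter(Instant.now())) return null;
        Object aud = body.get("aud"); // string or list; a token for another resource server is rejected
        if (aud != null && !aud.toString().contains(RESOURCE_SERVER_ID)) return null;
        Object sub = body.get("sub");
        return sub == null ? null : new CachedPrincipal(sub.toString(), expiresAt);
    }
}
```

Registering the filter in front of the REST controllers (via a `FilterRegistrationBean` or the Spring Security chain) makes the token check independent of each controller method; the cache answers the "token to user mapping" part of the question, and because entries carry the token's own `exp`, a revoked-but-unexpired token is still trusted until that time, which is the trade-off introspection caching always has.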

