spring-oauth-server | Authorization Server and OpenID Provider on Spring Framework | OAuth library

by authlete Java Version: Current License: Apache-2.0

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | spring-oauth-server Summary

spring-oauth-server is a Java library typically used in Security, OAuth, Spring Boot, Spring applications. spring-oauth-server has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitHub.

This is an implementation of an authorization server and an OpenID provider which supports [OAuth 2.0][1] and [OpenID Connect][2]. This implementation is written using [Spring Framework][43], JAX-RS 2.0 API and [authlete-java-jaxrs][3] library. JAX-RS is The Java API for RESTful Web Services. JAX-RS 2.0 API has been standardized by [JSR 339][4] and it is included in Java EE 7. On the other hand, authlete-java-jaxrs library is an open source library which provides utility classes for developers to implement an authorization server and a resource server. authlete-java-jaxrs in turn uses [authlete-java-common][5] library which is another open source library to communicate with [Authlete Web APIs][6]. This implementation is DB-less. What this means is that you don’t have to have a database server that stores authorization data (e.g. access tokens), settings of the authorization server itself and settings of client applications. This is achieved by using [Authlete][7] as a backend service. Read [New Architecture of OAuth 2.0 and OpenID Connect Implementation][44] for details about the architecture. Access tokens issued by this authorization server can be used at a resource server which uses Authlete as a backend service. [spring-resource-server][40] is such a resource server implementation. It supports a [userinfo endpoint][41] defined in [OpenID Connect Core 1.0][13] and includes an example implementation of a protected resource endpoint, too.

Support

Quality

Security

License

Reuse

Support

spring-oauth-server has a low active ecosystem.

It has 61 star(s) with 27 fork(s). There are 11 watchers for this library.

It had no major release in the last 6 months.

spring-oauth-server has no issues reported. There are 1 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of spring-oauth-server is current.

Quality

spring-oauth-server has 0 bugs and 0 code smells.

Security

spring-oauth-server has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

spring-oauth-server code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

spring-oauth-server is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

spring-oauth-server releases are not available. You will need to build from source code and install.

Build file is available. You can build the component from source.

Installation instructions are not available. Examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi has reviewed spring-oauth-server and discovered the below as its top functions. This is intended to give you an instant insight into spring-oauth-server implemented functionality, and help decide if they suit your requirements.

Process a request from the authorization page
Lookup an end user
Retrieves the value of the specified attribute from the given session
Gets an existing session
Authenticate user
Get the login password
Get the login ID
Returns the user with the given login ID and password
Renders the authorization page
Prepare the model
Clear current user info in session if necessary
Sets up the session information in the request
HTTP POST request
Authenticate the API call
Handle a GET request
Handle an authorization request
Retrieves a user claim by name
A GET request
Returns the HTTP POST endpoint for the given request
Returns the subject of the user
Entry point for the authorization server
Returns a token endpoint for the access token
Gets the configuration of the OpenID provider
Returns whether the user is authenticated
Returns the time at which this request was logged
Handle a POST request

Get all kandi verified functions for this library.

spring-oauth-server Key Features

No Key Features are available at this moment for spring-oauth-server.

spring-oauth-server Examples and Code Snippets

No Code Snippets are available at this moment for spring-oauth-server.

Community Discussions

Trending Discussions on spring-oauth-server

EnableAuthorizationServer is working and is not deprecated

QUESTION

EnableAuthorizationServer is working and is not deprecated

Asked 2021-Jan-07 at 14:28

I was following this guide which mentions that the @EnableAuthorizationServer is deprecated. But when I created a project with the following dependencies, I am not getting the deprecated messages. Is there something I am missing here.

Depedencies - Output from mvn dependency:tree

...

ANSWER

Answered 2021-Jan-07 at 14:28

Well the correct term is that @EnableAuthorizationServer is in maintenance mode which basically means deprecated. As in there will be no added features or updates.

The story goes basically as follows.

During Spring 4 i believe there was a single person that maintained the oauth2 part of spring security. When Spring security 5 was launched the team at pivotal decided to do a major overhaul of spring security and the oauth2 parts. So what they did was to drop Authorisation server support, and instead focus on the Resource server support at first.

Spring announcement of dropping Authorisation server support

You have pulled in spring-cloud-starter-oauth2 which in turn har a peer dependency on spring-security-oauth2-autoconfigure which in turn pulls in spring-security-oauth2.

Here Spring clearly states that if you wish to use spring-security-oauth2 they will help you out, but it is in maintenance mode.

The choice to not support it was made because an authorization server is like owning a product. Spring doesn't maintain their own database, or own Ldap server etc. There are plenty of auth servers out there that can be used, okta, curity, github, fb, google, etc, etc.

But Spring has actually reevaluated that choice and decided to start a community developed open source authorisation server

So you have 3 choices:

use the old, that is in maintenance mode
use a 3rd party vendor, github, fb, google, okta, curity etc.
try out the new open source authorisation server

Source https://stackoverflow.com/questions/65590263

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install spring-oauth-server

You can download it from GitHub.
You can use spring-oauth-server like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the spring-oauth-server component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

| Purpose | Email Address | |:----------|:---------------------| | General | info@authlete.com | | Sales | sales@authlete.com | | PR | pr@authlete.com | | Technical | support@authlete.com |. [1]: http://tools.ietf.org/html/rfc6749 [2]: http://openid.net/connect/ [3]: https://github.com/authlete/authlete-java-jaxrs [4]: https://jcp.org/en/jsr/detail?id=339 [5]: https://github.com/authlete/authlete-java-common [6]: https://www.authlete.com/documents/apis [7]: https://www.authlete.com/ [8]: https://www.authlete.com/documents/overview [9]: https://so.authlete.com/accounts/signup [10]: https://www.authlete.com/documents/getting_started [11]: http://tools.ietf.org/html/rfc6749#section-3.1 [12]: http://tools.ietf.org/html/rfc6749#section-3.2 [13]: http://openid.net/specs/openid-connect-core-1_0.html [14]: http://tools.ietf.org/html/rfc7636 [15]: https://www.authlete.com/documents/article/pkce [16]: http://tools.ietf.org/html/rfc6749#section-4.2 [17]: https://www.authlete.com/documents/cd_console [18]: https://jersey.java.net/ [19]: http://tools.ietf.org/html/rfc6750 [20]: http://tools.ietf.org/html/rfc6819 [21]: http://tools.ietf.org/html/rfc7009 [22]: http://tools.ietf.org/html/rfc7033 [23]: http://tools.ietf.org/html/rfc7515 [24]: http://tools.ietf.org/html/rfc7516 [25]: http://tools.ietf.org/html/rfc7517 [26]: http://tools.ietf.org/html/rfc7518 [27]: http://tools.ietf.org/html/rfc7519 [28]: http://tools.ietf.org/html/rfc7521 [29]: http://tools.ietf.org/html/rfc7522 [30]: http://tools.ietf.org/html/rfc7523 [31]: http://tools.ietf.org/html/rfc7636 [32]: http://tools.ietf.org/html/rfc7662 [33]: http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html [34]: http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html [35]: http://openid.net/specs/openid-connect-discovery-1_0.html [36]: http://openid.net/specs/openid-connect-registration-1_0.html [37]: http://openid.net/specs/openid-connect-session-1_0.html [38]: http://localhost:8080 [39]: doc/CUSTOMIZATION.md [40]: https://github.com/authlete/spring-resource-server [41]: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo [42]: https://maven.apache.org/ [43]: https://spring.io/ [44]: https://medium.com/@darutk/new-architecture-of-oauth-2-0-and-openid-connect-implementation-18f408f9338d [45]: http://projects.spring.io/spring-security-oauth/ [46]: https://www.authlete.com/documents/so_console.

Find more information at: