...
Main points of entry:
OAuth2Login
ResourceServer
For the ResourceServer implementation, the architecture supports JWT and Opaque independently.
Jwt:
Token validation is performed locally using JWKs.
Opaque:
Token validation is performed by introspection, through a token introspection resolver (in case more than one token introspection is defined).
...
How to define a MicroService as a Resource Server (RS):
...
```yaml
oauth2:
  # Values for Resource Servers.
  resource-server:
    ## Base RS conf
    base-conf:
      user-info-uri: https://authorization.server/idp/userinfo.openid
    # Traditional approaches require only introspection-uri; this approach uses NimbusOpaqueTokenIntrospector
    opaque:
      client-id: model-manage-client
      client-secret: client-secret
      introspection-uri: https://internal.pf.modelop.center/as/introspect.oauth2
    # opaque-queryparam is for a specific client need: supporting 2 OAuth2 providers at the same time...
    opaque-queryparam:
      queryparam: otoken
      introspection-uri: https://authorization.server/rs/validate/AppIdClaim
```
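One way a token introspection resolver for the two endpoints above could be written with Spring Security 6, as an added example that is not the product's own code. The class name `IntrospectionRouting` is hypothetical, and it assumes that a request carrying the configured query parameter (`otoken`) holds its token in that parameter and is validated against the `opaque-queryparam` endpoint, while all other requests use the `Authorization` header and the `opaque` endpoint.

```java
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;

/** Hypothetical helper (not the product's class): routes each request to one introspection endpoint. */
public final class IntrospectionRouting {
    private final String queryParam;                       // e.g. "otoken" (opaque-queryparam.queryparam)
    private final AuthenticationManager headerManager;     // backed by opaque.introspection-uri
    private final AuthenticationManager queryParamManager; // backed by opaque-queryparam.introspection-uri
    private final DefaultBearerTokenResolver headerResolver = new DefaultBearerTokenResolver();

    public IntrospectionRouting(OpaqueTokenIntrospector opaque,
                                OpaqueTokenIntrospector opaqueQueryParam, String queryParam) {
        this.queryParam = queryParam;
        this.headerManager = new ProviderManager(new OpaqueTokenAuthenticationProvider(opaque));
        this.queryParamManager = new ProviderManager(new OpaqueTokenAuthenticationProvider(opaqueQueryParam));
    }

    /** Usable as a BearerTokenResolver: returns the token, or null when the request carries none. */
    public String resolveToken(HttpServletRequest request) {
        String fromQuery = queryToken(request);
        String fromHeader = headerResolver.resolve(request); // reads "Authorization: Bearer ..." only
        if (fromQuery != null && fromHeader != null) {
            // Two tokens could be validated by different providers: reject instead of guessing.
            throw new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("Found multiple tokens in the request"));
        }
        return fromQuery != null ? fromQuery : fromHeader;
    }

    /** Usable as an AuthenticationManagerResolver<HttpServletRequest>. */
    public AuthenticationManager resolveManager(HttpServletRequest request) {
        return queryToken(request) != null ? queryParamManager : headerManager;
    }

    private String queryToken(HttpServletRequest request) {
        String[] values = request.getParameterValues(queryParam);
        if (values == null) return null;
        if (values.length != 1 || values[0].isBlank()) {
            throw new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("Malformed " + queryParam + " parameter"));
        }
        return values[0];
    }
}
```

It can be wired with `http.oauth2ResourceServer(rs -> rs.bearerTokenResolver(routing::resolveToken).authenticationManagerResolver(routing::resolveManager))`. Tokens passed in a query string are commonly recorded in access logs and proxies, so the query parameter value should be excluded or masked in request logging.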
...