We have old Spring boot applications where we have a username (Unique), password and Auth key(Unique) stored as plain text stored in MySQL. For every API request, we are identifying the user using the auth key. We are trying to integrate Alexa with our applications. Alexa by mandatory need OAuth 2.0.
As of now, it is hard to change the whole flow. Can you please guide me on how to achieve the OAuth 2.0 authorization code grant flow with username and password stored as Plain text? And each API needs to have a user identification key so that we can get the exact data from the databases.? How can we get the user-specific data from the resource server using OAuth 2.0?
I have referred to the online articles but it has mostly about the encrypted password and with default response without any respective user data.
Thanks
The other option is to integrate a 3rd party OAuth into your apps. You can use Login with Amazon, Facebook, Google, Github... There are services like Okta and Auth0 who provide simple toolkits to integrate those and more.
Here's an example using Okta's service to do this with Spring Boot: https://developer.okta.com/blog/2019/05/15/spring-boot-login-options
Sharing Username/Password with third parties and letting apps pretend they're you is one of the things OAuth was specifically designed to help you avoid.