
Spring Boot - OAuth2 - Resource Server - GitHub as Authorization Server


I'm developing a Spring Boot REST API and I'd like to use GitHub as an Authorization Server for my Resource Server. I already achieved this with Google using https://www.googleapis.com/oauth2/v3/certs to verify the bearer tokens. However, I can't find the same for GitHub.

Is it possible to use GitHub as an Authorization Server (to verify tokens in my server), or only as a client?

If this is not possible, are there other options besides Google and Microsoft?

Thank you!


Solution

  • There are at least two ways to achieve multi-tenant scenarios (cases where you have more than just one user identity provider):

    If all of your identity providers issue JWT access tokens, the first option is dead simple. Have a look at this tutorial to get started in minutes.

    Otherwise, and unfortunately this is the case for Google and GitHub, which issue opaque access tokens (not JWTs), you can consider Keycloak, which supports federation for most common identities (Facebook, Google, GitHub, etc.). The tutorial above still applies, with a single entry in the issuers configuration: your Keycloak instance.

    Spring Authorization Server is also an option you might consider: it doesn't come with a UI (login, registration, clients administration, ...) or a database, but you don't really need that for just identity federation.
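
An added example, not part of the original answer or the tutorial it links to: a Spring Security 6 resource server that accepts JWTs only from an allow-listed issuer (here a Keycloak realm that federates GitHub logins), built on Spring Security's `JwtIssuerAuthenticationManagerResolver`. The issuer URL, the audience `my-api` and the class name are assumed placeholders.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {
    // Assumed placeholders: the Keycloak realm URL and the audience your API expects.
    private static final Set<String> TRUSTED_ISSUERS =
            Set.of("https://keycloak.example.com/realms/demo");
    private static final String AUDIENCE = "my-api";

    private final Map<String, AuthenticationManager> managers = new ConcurrentHashMap<>();

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Picks the AuthenticationManager from the token's "iss" claim.
        var resolver = new JwtIssuerAuthenticationManagerResolver(this::managerFor);
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.authenticationManagerResolver(resolver));
        return http.build();
    }

    private AuthenticationManager managerFor(String issuer) {
        // Never fetch metadata for an issuer outside the allow-list; null means "invalid issuer".
        if (!TRUSTED_ISSUERS.contains(issuer)) {
            return null;
        }
        return managers.computeIfAbsent(issuer, iss -> {
            // Discovers the issuer's JWKS endpoint on first use, then caches the decoder.
            NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(iss);
            decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                    JwtValidators.createDefaultWithIssuer(iss),   // timestamps + exact iss match
                    new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
                            aud -> aud != null && aud.contains(AUDIENCE))));
            return new JwtAuthenticationProvider(decoder)::authenticate;
        });
    }
}
```

An opaque GitHub access token sent directly to this API has no `iss` claim and fails JWT parsing, so it is rejected; only tokens minted by the trusted issuer after the federated GitHub login pass.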