Spring boot auth2 dependencies >> differences between spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resource-server
What is the difference between the following 2 dependencies and when to use which?
#maven pom.xml format deps:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
From what I researched you should use:
resource-server: When a client app is already verified via the authorization server. The client then sends the token in an authorization header to our spring boot server. The token then gets verified on the server and access is granted to server resources.
client: The spring boot app is the client now and will make a request to an authorization server from which it gets a token. This token can now be used in additional request to other resource servers to obtain certain resources.
Is my understanding correct. Am I missing any details?
Let's understand everything through a diagram:
OAuth2 defines few roles:
Client: The client (REST API client) is the system that access the protected resources from Resource server. To access resources from the Resource server, the Client must hold the appropriate Access Token.
Client uses this maven dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
<version>2.7.6</version>
</dependency>
Resource Server: This Server is an application that protects resources via OAuth tokens. The job of the Resource server is to validate the token before serving a resource to the client.
Resource server uses this maven dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
<version>2.7.6</version>
</dependency>
Authorization Server: This Server receives requests from the Client for Access Tokens and issues them upon successful authentication. The service acting as a middleman between client and resource owner.
Authorization server uses this maven dependency:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>1.0.0</version>
</dependency>
- 'wsimport' is not recognized error in command prompt
- Best way to compare two JSON files in Java
- Java get month sort name from date
- Obtain and download Javadoc (JDK API documentation) to a local file for offline reading
- How to get the number of days in a specific month using Java Calendar?
- Custom Spring annotation for request parameters
- License for package Android SDK Platform 29 not accepted
- Java Compile Time Error: reached end of file while parsing
- ShellIpcClient and NonCelloThread errors java
- How to verify a signature from the Phantom wallet?
- FirebaseAuth - Get tokenId in Java backend
- How to hide constructor on a Java record that offers a public static factory method?
- Is it possible to get MariaDB4J to work on an M1 Mac?
- Cannot run simple compiled java program?
- Getting IntelliJ to generate Java Sources from Proto files
- Insert a java string constant in a quarkus qute template?
- Why is the run button not working in Eclipse?
- Stuck on Card/Deck exercise from Java official tutorial
- Spring Batch - Deleting metadata post job completion throws error - Incorrect result size: expected 1, actual 0
- Simple export and import of a SQLite database on Android
- How to serialize a date to a specific format?
- How to make the Youtube's rotating spinner loading screen on Java Swing
- How to sort List<Integer[]> in java?
- How to prevent spring boot from auto creating instance of bean 'entityManagerFactory' at startup?
- Sharing instance of a class between multiple tests running in parallel in Junit5
- Launch4J not recognizing Eclipse Temurin OpenJDK Java 17
- Turn my stack into a string?
- How can I document or exclude the generated BuildConfig class in my documentation?
- Is it a bad practice to catch Throwable?
- Java: Right Click Copy Cut Paste On TextField