with & without computers, writing software, ~20 yrs
▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA)
▸ Speaker at international tech conferences
▸ Author of „Serverless Computing in AWS Cloud“ (German) serverlessbuch.de
▸ Twitter: @dasniko
OF OAUTH 2.0
‣ verify the identity of an end-user
‣ obtain basic profile information about the user
‣ RESTful HTTP API, using JSON as data format
‣ allows clients of all types (web-based, mobile, JavaScript)
OPENID FOUNDATION, 2014
token is signed and contains all necessary information about the user and their roles.
‣ Kinds: Identity, Refresh, (Offline) & Access tokens
‣ Sent in Bearer format: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
‣ Have a TTL!
‣ Must be revocable!
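The slide's four properties of a bearer token (signed, self-contained, time-limited, revocable) as a resource-side check, written as an added example that is not from the talk or from any library it mentions. It assumes an HS256-signed token, a constructed shared secret, and a constructed revocation set keyed on the `jti` claim; it uses only the Python standard library.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; a real resource server gets its key material from the IdP.
DEMO_SECRET = b"demo-secret-not-for-production"

# Constructed revocation set keyed by the token's "jti" claim ("must be revocable").
REVOKED_JTIS = {"token-0002"}


def b64url_decode(s: str) -> bytes:
    """Base64url without padding, as JWT (RFC 7515) encodes each segment."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build a signed HS256 JWT; only used here to create constructed test input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_bearer(authorization_header: str, secret: bytes, now=None):
    """Return the claims of an acceptable token, otherwise None.
    Order of checks: Bearer scheme, pinned alg, signature, exp (TTL), jti revocation."""
    now = time.time() if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token's own "alg" must never select the verifier.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None  # signature check fails before any claim is trusted
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # covers malformed base64 and malformed JSON
        return None
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return None  # TTL: missing or passed expiry
    if claims.get("jti") in REVOKED_JTIS:
        return None  # token was revoked before its TTL ran out
    return claims
```

The revocation set stands in for whatever store the IdP exposes; without that lookup a signed token stays valid until `exp` no matter what happened in the meantime.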
Java Security API (JSR-375)
‣ Spring Security 5: OAuth became a first-class citizen
‣ Apache Shiro: no OAuth2/OIDC/JWT
‣ Apache Oltu: OAuth2/OIDC/JWT, but who knows?
‣ and many more…