Spring boot auth2 dependencies >> differences between spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resource-server

Issue

What is the difference between the following 2 dependencies and when to use which?

  #maven pom.xml format deps:

   <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    </dependency>

From what I researched you should use:

resource-server: When a client app is already verified via the authorization server. The client then sends the token in an authorization header to our spring boot server. The token then gets verified on the server and access is granted to server resources.

client: The spring boot app is the client now and will make a request to an authorization server from which it gets a token. This token can now be used in additional request to other resource servers to obtain certain resources.

Is my understanding correct. Am I missing any details?

Solution

Lets understand everything through a diagram:

enter image description here

OAuth2 defines few roles:

Client: The client(REST API client) is the system that access the protected resources from Resource server. To access resources from the Resource server, the Client must hold the appropriate Access Token.

Client use this maven dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
    <version>2.7.6</version>
</dependency>

Resource Server: This Server is an application that protects resources via OAuth tokens. The job of the Resource server is to validate the token before serving a resource to the client.

Resource server use this maven dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
    <version>2.7.6</version>
</dependency>

Authorization Server: This Server receives requests from the Client for Access Tokens and issues them upon successful authentication. The service acting as a middleman between client and resource owner.

Authorization server use this maven dependency:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>1.0.0</version>
</dependency>

Answered By – Subarata Talukder

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published