Quickly Set Up Spring Authorization Server with Zero‑Config

This guide walks you through building a Spring Authorization Server using the SAS starter, configuring clients, testing token endpoints, and integrating a resource server, all with minimal setup and Maven dependencies for Spring Boot 3.x.

Java Architecture Diary

Background

Spring has discontinued maintenance of the Spring Security OAuth project, and the Spring Authorization Server (SAS) now provides a production‑ready OAuth2 authorization server within the Spring ecosystem.

Zero‑Configuration SAS Starter

Add the following Maven dependency to enable the SAS starter with no additional configuration (requires Spring Boot 3.x):

<code>&lt;dependency&gt;
  &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
  &lt;artifactId&gt;spring-boot-starter-oauth2-authorization-server&lt;/artifactId&gt;
&lt;/dependency&gt;</code>

You can also select the starter directly in Spring Initializr.

Authorization Server Usage

Server Setup

Include the SAS starter and the Spring Web starter:

<code>&lt;dependency&gt;
  &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
  &lt;artifactId&gt;spring-boot-starter-oauth2-authorization-server&lt;/artifactId&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
  &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
  &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt;
&lt;/dependency&gt;</code>

Configuration

Add two client registrations to application.yml (or application.properties). The first client uses the client_credentials grant, the second the authorization_code grant with refresh tokens. Note that client-2's secret is stored with the {noop} prefix, i.e. in plaintext, which is acceptable only for local testing; client-1 shows the {bcrypt} form you would use otherwise.

<code># Client Credentials Grant
spring.security.oauth2.authorizationserver.client.client-1.registration.client-id=admin-client
spring.security.oauth2.authorizationserver.client.client-1.registration.client-secret={bcrypt}$2a$10$jdJGhzsiIqYFpjJiYWMl/eKDOd8vdyQis2aynmFN0dgJ53XvpzzwC
spring.security.oauth2.authorizationserver.client.client-1.registration.client-authentication-methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.client-1.registration.authorization-grant-types=client_credentials
spring.security.oauth2.authorizationserver.client.client-1.registration.scopes=user.read,user.write

# Authorization Code Grant
spring.security.oauth2.authorizationserver.client.client-2.registration.client-id=admin-client2
spring.security.oauth2.authorizationserver.client.client-2.registration.client-secret={noop}secret
spring.security.oauth2.authorizationserver.client.client-2.registration.client-authentication-methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.client-2.registration.authorization-grant-types=authorization_code,refresh_token
spring.security.oauth2.authorizationserver.client.client-2.registration.redirect-uris[0]=https://pig4cloud.com
spring.security.oauth2.authorizationserver.client.client-2.registration.scopes=user.read,user.write</code>

Test Calls

1️⃣ Client Credentials Token

POST /oauth2/token with body:

<code>grant_type: client_credentials
scope: user.read</code>

2️⃣ Authorization Code Token

Obtain the code via http://localhost:8080/oauth2/authorize?client_id=admin-client2&response_type=code&redirect_uri=https://pig4cloud.com, then POST /oauth2/token with body:

<code>grant_type: authorization_code
scope: user.read
code: &lt;authorization_code_here&gt;
redirect_uri: https://pig4cloud.com</code>

3️⃣ Refresh Token

POST /oauth2/token with body:

<code>grant_type: refresh_token
refresh_token: &lt;refresh_token_here&gt;</code>

4️⃣ Introspection Endpoint

POST the access token to the introspection endpoint with body:

<code>token: &lt;access_token_here&gt;</code>

5️⃣ Revoke Token

POST the token to the revocation endpoint with body:

<code>token: &lt;token_to_revoke&gt;</code>

Resource Server Usage

Setup

Add the resource‑server and web starters:

<code>&lt;dependency&gt;
  &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
  &lt;artifactId&gt;spring-boot-starter-oauth2-resource-server&lt;/artifactId&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
  &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
  &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt;
&lt;/dependency&gt;</code>

Configuration

Specify the issuer URI of the authorization server. The resource server uses this value both to discover the authorization server's JWK Set and to validate the iss claim of every incoming JWT, so it must match the issuer the authorization server writes into its tokens exactly. With the default settings SAS derives the issuer from the request URL, so a token obtained through http://localhost:8080 carries iss=http://localhost:8080 and is rejected by a resource server configured with http://127.0.0.1:8080; use one host spelling throughout, or pin the issuer on the authorization server.

<code>spring.security.oauth2.resourceserver.jwt.issuer-uri=http://127.0.0.1:8080</code>

Business Code Test

<code>// Inside a @RestController: the principal's name is the sub claim of the validated JWT
// (for a client_credentials token this is the client-id).
@GetMapping
public String principal(Principal principal) {
    return principal.getName();
}</code>

Test with curl:

<code>curl --location --request GET 'http://127.0.0.1:8081/' \
--header 'Authorization: Bearer XXX'</code>
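The test calls above (1, 4 and 5) together with the issuer check the resource server performs, as an added Python example that is not part of the guide or of the PIG project. It assumes the authorization server from the guide on http://127.0.0.1:8080, the SAS default endpoint paths /oauth2/introspect and /oauth2/revoke, a hypothetical plaintext for admin-client's bcrypt-stored secret, and a constructed unsigned sample token so the issuer check can be exercised offline.

```python
import base64
import json
import urllib.parse
import urllib.request

AUTH_SERVER = "http://127.0.0.1:8080"   # same host spelling as the resource server's issuer-uri
ADMIN_CLIENT_SECRET = "<plaintext behind the {bcrypt} hash>"   # hypothetical: the guide gives only the hash


def basic_auth(client_id: str, client_secret: str) -> str:
    """client_secret_basic: the registered credentials as an HTTP Basic header value."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def post_form(path: str, form: dict, client_id: str, client_secret: str) -> dict:
    """POST a form body to the authorization server as an authenticated client; return the JSON reply."""
    req = urllib.request.Request(
        AUTH_SERVER + path, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Authorization": basic_auth(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return json.loads(body) if body else {}   # /oauth2/revoke answers 200 with an empty body


def jwt_issuer(access_token: str) -> str:
    """Read the iss claim from a JWT payload (no signature check here; the resource server verifies it)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore the base64url padding that JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def issuer_matches(access_token: str, issuer_uri: str) -> bool:
    """The resource server rejects a token whose iss differs from issuer-uri, even localhost vs 127.0.0.1."""
    return jwt_issuer(access_token) == issuer_uri


def sample_token(issuer: str) -> str:
    """Constructed, unsigned JWT used only to exercise the issuer check offline."""
    b64 = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = json.dumps({"iss": issuer, "sub": "admin-client", "scope": ["user.read"]}).encode()
    return b64(b'{"alg":"none"}') + "." + b64(claims) + "."

if __name__ == "__main__":
    # Test calls 1, 4 and 5 from the guide: client_credentials token, introspect it, revoke it.
    creds = ("admin-client", ADMIN_CLIENT_SECRET)
    tok = post_form("/oauth2/token", {"grant_type": "client_credentials", "scope": "user.read"}, *creds)
    print("iss accepted by resource server:", issuer_matches(tok["access_token"], AUTH_SERVER))
    print("introspection:", post_form("/oauth2/introspect", {"token": tok["access_token"]}, *creds))
    post_form("/oauth2/revoke", {"token": tok["access_token"]}, *creds)
```

Run it against the guide's server and check the first line of output before calling the resource server; a False there means the issuer-uri and the host you used to request the token disagree.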

