BestHub
Sign in
Information Security 7 min read

Quickly Set Up Spring Authorization Server with Zero‑Config

This guide walks you through building a Spring Authorization Server using the SAS starter, configuring clients, testing token endpoints, and integrating a resource server, all with minimal setup and Maven dependencies for Spring Boot 3.x.

Java Architecture Diary
Java Architecture Diary
Java Architecture Diary
Quickly Set Up Spring Authorization Server with Zero‑Config

Background

Spring has discontinued maintenance of the Spring Security OAuth project, and the Spring Authorization Server (SAS) now provides a production‑ready OAuth2 authorization server within the Spring ecosystem.

Zero‑Configuration SAS Starter

Add the following Maven dependency to enable the SAS starter with no additional configuration (requires Spring Boot 3.x):

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>

You can also select the starter directly in Spring Initializr.

Authorization Server Usage

Server Setup

Include the SAS starter and the Spring Web starter:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>

Configuration

Add two client registrations to application.yml (or application.properties).

# Client Credentials Grant
spring.security.oauth2.authorizationserver.client.client-1.registration.client-id=admin-client
spring.security.oauth2.authorizationserver.client.client-1.registration.client-secret={bcrypt}$2a$10$jdJGhzsiIqYFpjJiYWMl/eKDOd8vdyQis2aynmFN0dgJ53XvpzzwC
spring.security.oauth2.authorizationserver.client.client-1.registration.client-authentication-methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.client-1.registration.authorization-grant-types=client_credentials
spring.security.oauth2.authorizationserver.client.client-1.registration.scopes=user.read,user.write

# Authorization Code Grant
spring.security.oauth2.authorizationserver.client.client-2.registration.client-id=admin-client2
spring.security.oauth2.authorizationserver.client.client-2.registration.client-secret={noop}secret
spring.security.oauth2.authorizationserver.client.client-2.registration.client-authentication-methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.client-2.registration.authorization-grant-types=authorization_code,refresh_token
spring.security.oauth2.authorizationserver.client.client-2.registration.redirect-uris[0]=https://pig4cloud.com
spring.security.oauth2.authorizationserver.client.client-2.registration.scopes=user.read,user.write

Test Calls

1️⃣ Client Credentials Token

POST /oauth2/token with body:

grant_type: client_credentials
scope: user.read

2️⃣ Authorization Code Token

Obtain the code via

http://localhost:8080/oauth2/authorize?client_id=admin-client2&response_type=code&redirect_uri=https://pig4cloud.com

, then POST /oauth2/token with body:

grant_type: authorization_code
scope: user.read
code: <authorization_code_here>
redirect_uri: https://pig4cloud.com

3️⃣ Refresh Token

grant_type: refresh_token
refresh_token: <refresh_token_here>

4️⃣ Introspection Endpoint

token: <access_token_here>

5️⃣ Revoke Token

token: <token_to_revoke>

Resource Server Usage

Setup

Add the resource‑server and web starters:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>

Configuration

Specify the issuer URI of the authorization server:

spring.security.oauth2.resourceserver.jwt.issuer-uri=http://127.0.0.1:8080

Business Code Test

@GetMapping
public String principal(Principal principal) {
    return principal.getName();
}

Test with curl:

curl --location --request GET 'http://127.0.0.1:8081/' \
--header 'Authorization: Bearer XXX'

References

[1] PIG Microservice Development Platform – https://github.com/pig-mesh/pig

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

MicroservicesOAuth2spring-bootinformation-securityauthorization-server
Java Architecture Diary
Written by

Java Architecture Diary

Committed to sharing original, high‑quality technical articles; no fluff or promotional content.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment