Tagged articles

185 articles

Page 2 of 2

Jan 10, 2022 · Information Security

Understanding OAuth2.0 Single Sign‑On (SSO) and Its Implementation with SpringBoot

This article explains the principles of Single Sign‑On using OAuth2.0, illustrates the workflow with a real‑world analogy, and provides a complete SpringBoot example—including authorization server, client configuration, role‑based access control, and micro‑service integration—so readers can master SSO implementation and security design.

AuthenticationAuthorizationOAuth2

0 likes · 14 min read

Understanding OAuth2.0 Single Sign‑On (SSO) and Its Implementation with SpringBoot

Java Interview Crash Guide

Jan 6, 2022 · Information Security

Mastering OAuth2 SSO: Real-World Scenarios and Spring Boot Guide

This article demystifies Single Sign-On using OAuth2.0 by illustrating the authentication and authorization flow through a real‑world analogy, explaining HTTP redirects, detailing the four grant types, and providing a complete Spring Boot implementation with role‑based access control for both client and server sides in microservice architectures.

AuthorizationOAuth2Single Sign-On

0 likes · 11 min read

Mastering OAuth2 SSO: Real-World Scenarios and Spring Boot Guide

21CTO

Jan 2, 2022 · Information Security

How to Secure Public APIs: Signatures, OAuth2, and Encryption Strategies

This article explains practical methods to protect externally exposed APIs, covering token‑based access, OAuth2.0 authorization, signature verification, encryption techniques (hashing, symmetric and asymmetric), key management, and provides Java code samples for DES and RSA implementations.

API SecurityJavaOAuth2

0 likes · 13 min read

How to Secure Public APIs: Signatures, OAuth2, and Encryption Strategies

Selected Java Interview Questions

Dec 27, 2021 · Information Security

Understanding OAuth2: Concepts, Grant Types, and Spring Boot Implementation

This article explains the OAuth2 authorization framework, illustrates its principles with a delivery‑person analogy, details the four main grant types, and provides a step‑by‑step Spring Boot implementation including server configuration, resource protection, and Postman testing.

AuthorizationGrant TypesOAuth2

0 likes · 17 min read

Understanding OAuth2: Concepts, Grant Types, and Spring Boot Implementation

Programmer DD

Nov 21, 2021 · Information Security

Understanding OAuth2 Scopes vs Roles: When to Use Scope and Role in Access Control

After adopting OAuth2.0, the added concept of scope often confuses developers; this article clarifies the differences between scope and role, explains how each controls access, shows Spring Security code examples, and highlights their complementary relationship in securing APIs.

OAuth2Roleaccess control

0 likes · 4 min read

Understanding OAuth2 Scopes vs Roles: When to Use Scope and Role in Access Control

Programmer DD

Nov 18, 2021 · Information Security

Configure Spring Authorization Server with JDBC Persistence in Spring Boot

This tutorial walks through setting up a Spring Authorization Server in a Spring Boot servlet project, adding required dependencies, configuring filter chains, persisting OAuth2 clients, authorizations, and consents with JDBC, and defining JWK sources and provider settings for a complete OAuth2 authorization server.

JDBCJWKOAuth2

0 likes · 18 min read

Configure Spring Authorization Server with JDBC Persistence in Spring Boot

Programmer DD

Nov 14, 2021 · Information Security

Deep Dive into Spring Authorization Server: Configuring OAuth2 Filters

This article explains the modular configuration of Spring Security's OAuth2 components, showcases the core config classes for client, resource, and authorization servers, and details the default filter chain and customizable filter configurers used by Spring Authorization Server.

Backend SecurityJavaOAuth2

0 likes · 7 min read

Deep Dive into Spring Authorization Server: Configuring OAuth2 Filters

Programmer DD

Nov 12, 2021 · Information Security

Master Spring Authorization Server: Build a Production-Ready OAuth2 Flow

This guide walks you through replacing Spring Security OAuth2.0 with the production-ready Spring Authorization Server, showing how to add OAuth2 client, resource server, and authorization server dependencies, and demonstrating a complete authorization‑code flow demo with detailed request/response examples and configuration snippets.

Authorization ServerJavaOAuth2

0 likes · 7 min read

Master Spring Authorization Server: Build a Production-Ready OAuth2 Flow

Programmer DD

Oct 30, 2021 · Backend Development

How to Transform a Monolith into a Spring Cloud OAuth2 Resource Server

This tutorial walks through converting a monolithic Spring application into a Spring Cloud microservice by implementing a JWT‑based OAuth2 resource server, covering required dependencies, custom JWT decoding, key separation, security filter configuration, and token parsing customization.

Backend DevelopmentJWTOAuth2

0 likes · 10 min read

How to Transform a Monolith into a Spring Cloud OAuth2 Resource Server

Programmer DD

Oct 29, 2021 · Information Security

Why You Need an OAuth2 Resource Server for Microservice Security

This article explains what an OAuth2 Resource Server is, why traditional monolithic security models become cumbersome in microservice architectures, and how decoupling authentication from authorization using JWTs simplifies token validation across distributed services.

OAuth2Resource Serverspring-security

0 likes · 5 min read

Why You Need an OAuth2 Resource Server for Microservice Security

Qingyun Technology Community

Oct 21, 2021 · Information Security

Understanding Authentication: Session Cookies, Tokens, SSO, OAuth2 & More

This article explains the fundamentals of authentication, covering session‑cookie and token methods, their workflows, security considerations, and advanced techniques such as single sign‑on, OAuth2, LDAP, and two‑factor authentication, with practical examples and code snippets.

2FAJWTOAuth2

0 likes · 9 min read

Understanding Authentication: Session Cookies, Tokens, SSO, OAuth2 & More

Java Architect Essentials

Oct 17, 2021 · Backend Development

Unified Multi-Account Login: Architecture, Flow, and Database Design

This article explains the concept of multi‑account login using third‑party identities, describes early‑stage username/password and mobile‑number authentication flows, presents a detailed database schema, and outlines the integration process for services like QQ‑SDK following OAuth2.0 principles.

AuthenticationOAuth2login

0 likes · 9 min read

Unified Multi-Account Login: Architecture, Flow, and Database Design

Java High-Performance Architecture

Oct 8, 2021 · Backend Development

Designing Secure Open Platform APIs: OAuth2, Signing, and Best Practices

This article outlines a practical approach to designing open platform APIs, covering usability, security, stability, service provider application setup, OAuth2 authorization flow, system and business request parameters, and concrete signing and verification code examples.

OAuth2Open Platformapi-design

0 likes · 9 min read

Designing Secure Open Platform APIs: OAuth2, Signing, and Best Practices

Architecture Digest

Oct 7, 2021 · Backend Development

Designing Open Platform APIs: Application Registration, OAuth2 Authorization, Request Parameters, and Signature Verification

This article outlines a practical approach to designing open‑platform APIs, covering service‑provider application registration, usability, security, OAuth2‑based authorization, systematic and business request parameters, signature generation, verification, and best‑practice code examples.

BackendOAuth2Open Platform

0 likes · 9 min read

Designing Open Platform APIs: Application Registration, OAuth2 Authorization, Request Parameters, and Signature Verification

GrowingIO Tech Team

Sep 16, 2021 · Information Security

How GrowingIO Unified OAuth2, LDAP, and CAS for Seamless SSO Integration

GrowingIO’s server-side solution integrates three distinct authentication protocols—OAuth2, LDAP, and CAS—into a unified SSO flow, detailing each protocol’s process, the overall architecture, role of the IAM and Gateway components, and providing configuration and code examples for implementation.

AuthenticationCASLDAP

0 likes · 12 min read

How GrowingIO Unified OAuth2, LDAP, and CAS for Seamless SSO Integration

Spring Full-Stack Practical Cases

Aug 20, 2021 · Information Security

How to Build an OAuth2 Authorization Server with Spring Boot, Redis, and Custom Token Store

This guide walks through creating a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, defines custom client and user entities, configures grant types, and demonstrates testing each flow, complete with code snippets and configuration files.

Authorization ServerJavaOAuth2

0 likes · 17 min read

How to Build an OAuth2 Authorization Server with Spring Boot, Redis, and Custom Token Store

Spring Full-Stack Practical Cases

Aug 20, 2021 · Backend Development

Fixing Spring Boot OAuth2 Session Errors: A Complete Walkthrough

This guide explains how to integrate OAuth2 with Spring Boot 2.3.10, troubleshoot missing OAuth2AuthorizationRequest in the session, and resolve the issue by adjusting host configuration and domain settings, providing full code snippets and configuration details.

ConfigurationJavaOAuth2

0 likes · 8 min read

Fixing Spring Boot OAuth2 Session Errors: A Complete Walkthrough

Programmer DD

Aug 19, 2021 · Backend Development

Integrate WeChat OAuth2 with Spring Security for Secure Web Apps

This guide walks through setting up WeChat web authorization, customizing Spring Security's OAuth2 flow, handling token exchange, and retrieving user info, providing a complete backend solution for secure WeChat-enabled applications.

JavaOAuth2Spring Boot

0 likes · 16 min read

Integrate WeChat OAuth2 with Spring Security for Secure Web Apps

Programmer DD

Aug 7, 2021 · Information Security

How to Seamlessly Integrate Keycloak with Spring Security in Spring Boot

This tutorial explains step‑by‑step how to add Keycloak authentication to a Spring Boot application using the Spring Security adapter, covering Maven dependencies, configuration files, custom resolvers, role mapping, session strategies, and the typical authorization code flow.

AuthenticationJavaKeycloak

0 likes · 10 min read

How to Seamlessly Integrate Keycloak with Spring Security in Spring Boot

macrozheng

Jul 27, 2021 · Information Security

Quickly Secure Your SpringBoot Apps with Keycloak: Docker Setup & OAuth2 Integration

This tutorial walks through installing Keycloak via Docker, exploring its admin console, configuring realms, users, and clients, and demonstrates both authorization code and password grant flows before integrating Keycloak with a SpringBoot application to protect APIs using OAuth2.

AuthenticationAuthorizationDocker

0 likes · 8 min read

Quickly Secure Your SpringBoot Apps with Keycloak: Docker Setup & OAuth2 Integration

Code Ape Tech Column

Jul 23, 2021 · Information Security

Mastering OAuth2 SSO with SpringBoot: A Step‑by‑Step Guide

This article explains the principles of Single Sign‑On using OAuth2.0, illustrates the flow with a real‑world analogy, and provides a complete SpringBoot implementation for both the authorization server and client, including role‑based permission control and microservice integration.

AuthenticationAuthorizationMicroservices

0 likes · 11 min read

Mastering OAuth2 SSO with SpringBoot: A Step‑by‑Step Guide

Programmer DD

Jul 21, 2021 · Information Security

Why OIDC Extends OAuth2: Secure Authentication with Keycloak Explained

This article explains how OpenID Connect (OIDC) builds on OAuth 2.0 to provide authentication, demonstrates a practical Keycloak integration with a Spring Boot app, and walks through a complete authorization flow for a photo‑storage service using client credentials and secure token exchange.

AuthenticationAuthorizationKeycloak

0 likes · 8 min read

Why OIDC Extends OAuth2: Secure Authentication with Keycloak Explained

IT Architects Alliance

Jul 10, 2021 · Information Security

Designing Token‑Based Authentication: OAuth2, JWT, and System Architecture

This article examines why enterprises need a unified account management system, explains token‑based authentication advantages, defines key OAuth2 and JWT concepts, outlines the typical token flow, and details the technical choices and process logic for secure, stateless access control across microservices.

JWTMicroservicesOAuth2

0 likes · 9 min read

Designing Token‑Based Authentication: OAuth2, JWT, and System Architecture

Java Architect Essentials

Jun 4, 2021 · Backend Development

Implementing GitHub and QQ OAuth2 Login with Spring Boot

This article provides a step‑by‑step guide to integrating GitHub and QQ third‑party OAuth2 login in a Spring Boot backend, covering app registration, required URLs, state handling to prevent CSRF, and complete Java code for authorization, token exchange, and user info retrieval.

BackendGitHubJava

0 likes · 10 min read

Implementing GitHub and QQ OAuth2 Login with Spring Boot

Laravel Tech Community

May 26, 2021 · Backend Development

Implementing QQ Login with OAuth2.0: Step‑by‑Step Guide

This guide explains how to implement QQ login using the official OAuth2.0 flow, covering developer registration, creating a website application, obtaining the authorization code, access token, and OpenID, and finally calling the get_user_info API to retrieve user details.

JavaScriptOAuth2QQ Login

0 likes · 8 min read

Implementing QQ Login with OAuth2.0: Step‑by‑Step Guide

ITFLY8 Architecture Home

May 23, 2021 · Backend Development

Designing Scalable Multi-Account Login: Strategies, Flows, and Database Schemas

This article outlines practical approaches for implementing multi‑account login, covering early‑stage username/password and phone‑based registration, detailed authentication flows, OAuth2 integration with third‑party providers, and comprehensive database schema designs to unify local and external user identities.

AuthenticationBackend DevelopmentDatabase design

0 likes · 9 min read

Designing Scalable Multi-Account Login: Strategies, Flows, and Database Schemas

Programmer DD

May 20, 2021 · Information Security

Mastering JWT Bearer Grant in Spring Security 5.5 for OAuth2.0

Spring Security 5.5 introduces the JWT Bearer grant, an OAuth2.0 authorization mode defined in RFC7523, allowing clients to obtain access tokens using trusted JWTs and also to authenticate themselves, offering a streamlined alternative to traditional user‑approval flows.

AuthenticationJWTOAuth2

0 likes · 6 min read

Mastering JWT Bearer Grant in Spring Security 5.5 for OAuth2.0

Spring Full-Stack Practical Cases

May 18, 2021 · Backend Development

Troubleshooting Spring Boot OAuth2 Integration: Session Issues and Fixes

This guide walks through configuring Spring Boot 2.3.10 with OAuth2 client support, detailing required dependencies, application and security settings, common session‑related errors, step‑by‑step debugging of OAuth2LoginAuthenticationFilter and OAuth2AuthorizationRequestRedirectFilter, and the final solution of aligning hostnames to preserve cookies.

DebuggingOAuth2Security

0 likes · 9 min read

Troubleshooting Spring Boot OAuth2 Integration: Session Issues and Fixes

Spring Full-Stack Practical Cases

May 7, 2021 · Backend Development

How to Add a Confirmation Step to Spring Boot 2 OAuth2 Authorization Flow

This guide explains why Spring Boot 2’s OAuth2 authorization code flow skips the user‑approval page, walks through the relevant source code, and shows how to customize the confirmation and login pages, configure controllers and security settings, and verify the changes with tests.

AuthorizationCustom LoginOAuth2

0 likes · 10 min read

How to Add a Confirmation Step to Spring Boot 2 OAuth2 Authorization Flow

Top Architect

May 6, 2021 · Backend Development

Unified Multi-Account Login Architecture and Design

This article explains the concept, technical solutions, workflow diagrams, and database schema for implementing unified multi‑account login using username/password, mobile verification, and third‑party OAuth2 integrations, providing practical design guidance without detailed source code.

BackendDatabase designOAuth2

0 likes · 11 min read

Unified Multi-Account Login Architecture and Design

Spring Full-Stack Practical Cases

May 6, 2021 · Backend Development

Secure Spring Boot 2 Resource Server with OAuth2 and Redis Token Store

This guide demonstrates how to integrate Spring Boot 2 with OAuth2 to build a protected resource server, configure Redis for token storage, define domain and security classes, and test the secured endpoints, complete with code snippets and visual verification steps.

OAuth2Resource ServerSecurity

0 likes · 7 min read

Secure Spring Boot 2 Resource Server with OAuth2 and Redis Token Store

Spring Full-Stack Practical Cases

May 5, 2021 · Backend Development

How to Build a Spring OAuth2 Authorization Server with Redis Token Store

This tutorial walks through setting up a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, covering Maven dependencies, YAML configuration, JPA entities, DAO interfaces, core server configuration, custom client details, authentication provider, password encoder, and detailed testing of all OAuth2 grant types.

Authorization ServerOAuth2Security

0 likes · 16 min read

How to Build a Spring OAuth2 Authorization Server with Redis Token Store

21CTO

Mar 9, 2021 · Backend Development

Mastering OAuth2 SSO with Spring Security and JWT: A Step‑by‑Step Guide

This tutorial walks through building a single sign‑on (SSO) system using OAuth2, Spring Security, and JWT, covering preparation, core concepts, Maven dependencies, configuration files, custom login pages, client setup, logout handling, project structure, and a full demonstration.

AuthenticationBackendJWT

0 likes · 25 min read

Mastering OAuth2 SSO with Spring Security and JWT: A Step‑by‑Step Guide

Top Architect

Feb 28, 2021 · Information Security

Comparison of JWT and OAuth2: Concepts, Implementation, and Use Cases

This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes their structures, security considerations, implementation details, and outlines appropriate scenarios for using each method to protect APIs.

AuthenticationAuthorizationJWT

0 likes · 10 min read

Comparison of JWT and OAuth2: Concepts, Implementation, and Use Cases

Programmer DD

Feb 23, 2021 · Backend Development

Master Spring Security OAuth2: How OAuth2AuthorizationCodeAuthenticationProvider Retrieves Tokens

This article explains the role of OAuth2AuthorizationCodeAuthenticationProvider in Spring Security, details how OAuth2AccessTokenResponseClient obtains access tokens, shows how to customize the token endpoint, and walks through the complete token‑retrieval flow with code examples and step‑by‑step analysis.

AuthenticationAuthorization Code GrantBackend Development

0 likes · 6 min read

Master Spring Security OAuth2: How OAuth2AuthorizationCodeAuthenticationProvider Retrieves Tokens

Architecture Digest

Feb 5, 2021 · Information Security

Token-Based Authentication Architecture Using OAuth2 and JWT

The article explains the design and implementation of a token‑based authentication system for micro‑services, covering terminology, business background, OAuth2 password‑grant flow, JWT usage, security advantages, functional modules, technical choices, detailed authentication workflow, and API design.

JWTMicroservicesOAuth2

0 likes · 10 min read

Token-Based Authentication Architecture Using OAuth2 and JWT

21CTO

Feb 2, 2021 · Information Security

JWT vs OAuth2: Which Authentication Method Is Right for Your API?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth2, outlines their structures, security considerations, implementation details, and compares their advantages, drawbacks, and suitable use cases to help developers choose the appropriate method for securing APIs.

API SecurityAuthorizationJWT

0 likes · 10 min read

JWT vs OAuth2: Which Authentication Method Is Right for Your API?

Code Ape Tech Column

Feb 2, 2021 · Information Security

JWT vs OAuth2: Which API Security Method Fits Your Needs?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.

API SecurityAuthenticationAuthorization

0 likes · 11 min read

JWT vs OAuth2: Which API Security Method Fits Your Needs?

Fulu Network R&D Team

Dec 23, 2020 · Information Security

Practical Implementation of IdentityServer4 in the Fuluteng Project

This article provides a hands‑on guide to using IdentityServer4 in the Fuluteng project, covering signing credentials, client and resource stores, persisted grant storage with Redis, various OAuth2 grant types including client credentials, authorization code, password, and custom extensions such as SMS and third‑party logins, and demonstrates role‑based authorization and JWT configuration.

ASP.NET CoreAuthenticationCustom Grant

0 likes · 26 min read

Practical Implementation of IdentityServer4 in the Fuluteng Project

Programmer DD

Dec 16, 2020 · Information Security

Spring Security OAuth2 Callback Authentication Explained: Managers & Providers

This article explores how Spring Security processes OAuth2 login callbacks, detailing the role of AuthenticationManager, the creation of OAuth2LoginAuthenticationToken, the selection of appropriate AuthenticationProvider such as OAuth2LoginAuthenticationProvider and OidcAuthorizationCodeAuthenticationProvider, and the subsequent generation of OAuth2User and token objects.

AuthenticationBackend DevelopmentJava

0 likes · 4 min read

Spring Security OAuth2 Callback Authentication Explained: Managers & Providers

Programmer DD

Nov 14, 2020 · Information Security

How Spring Security Handles OAuth2 Authorization Redirects: A Deep Dive

This article walks through Spring Security's OAuth2 authorization flow, revealing the entry URL, key resolver and filter classes, core request‑handling logic, and how the framework redirects users to third‑party providers.

AuthenticationAuthorizationOAuth2

0 likes · 6 min read

How Spring Security Handles OAuth2 Authorization Redirects: A Deep Dive

macrozheng

Oct 14, 2020 · Information Security

How Mall’s Permission Management Works: Spring Security & OAuth2 Explained

This article answers common questions about permission management in the Mall and Mall‑Swarm projects, covering deprecated tables, required SQL scripts, front‑end menu visibility, differences between Spring Security and OAuth2‑Gateway implementations, configuration fixes, token usage, and a tiny demo project for learning.

OAuth2permission managementspring-security

0 likes · 8 min read

How Mall’s Permission Management Works: Spring Security & OAuth2 Explained

Top Architect

Sep 9, 2020 · Backend Development

Implementing JWT Token Refresh in Spring Boot OAuth2

This article explains how to implement seamless JWT token refresh in a Spring Boot OAuth2 application by embedding refresh information into the access token, customizing token services, defining a token refresh executor, and handling the refreshed token on the front‑end with an Axios interceptor.

JWTOAuth2Spring Boot

0 likes · 15 min read

Implementing JWT Token Refresh in Spring Boot OAuth2

Laravel Tech Community

Sep 8, 2020 · Backend Development

Unified Multi-Account Login: Architecture, Flow, and Database Design

This article explains the technical solutions for unified multi‑account login in web applications, covering early‑stage username/password and mobile verification flows, detailed process steps, OAuth2.0 third‑party integration, and comprehensive database schema design for local and third‑party user authentication.

AuthenticationBackendDatabase design

0 likes · 8 min read

Java Captain

Aug 23, 2020 · Information Security

Unified Multi‑Account Login: Architecture, Flow, and Database Design

This article explains the concept of multi‑account unified login in internet applications, detailing early‑stage username/password and mobile‑based authentication flows, the evolution to third‑party OAuth2 integration, and provides comprehensive database schema designs for local and third‑party user accounts.

AuthenticationOAuth2third-party

0 likes · 10 min read

Architect's Alchemy Furnace

Jul 12, 2020 · Information Security

How to Create a Custom SMS Code Grant Type in Spring OAuth2

This tutorial explains how to extend Spring Security's OAuth2 authorization server by implementing a custom SMS‑code grant type, covering the necessary configuration classes, bean definitions, token store setup, and client usage examples.

Custom GrantJavaOAuth2

0 likes · 11 min read

How to Create a Custom SMS Code Grant Type in Spring OAuth2

macrozheng

Jul 9, 2020 · Backend Development

How to Build a Unified OAuth2 Authentication & Authorization System with Spring Cloud Gateway

This guide walks through building a unified microservice authentication and authorization solution using Spring Boot 2.2+, Spring Cloud Hoxton, Nacos, Spring Cloud Gateway, and JWT, detailing the architecture, service division, and step‑by‑step implementation of auth, gateway, and API services with code examples.

JWTMicroservicesOAuth2

0 likes · 22 min read

How to Build a Unified OAuth2 Authentication & Authorization System with Spring Cloud Gateway

Architect's Alchemy Furnace

Jul 5, 2020 · Information Security

How to Build an OAuth2 Security Framework in Spring Cloud Microservices

This article explains the fundamentals of OAuth2, its four grant types and roles, and provides step‑by‑step Spring Boot and Spring Cloud configurations—including authorization and resource server setup, custom token filters, and Zuul gateway integration—to secure microservice APIs.

JavaMicroservicesOAuth2

0 likes · 15 min read

How to Build an OAuth2 Security Framework in Spring Cloud Microservices

Liangxu Linux

Jun 11, 2020 · Backend Development

How to Build a Unified Multi‑Account Login System with Third‑Party OAuth

This article explains the technical design of a unified multi‑account login system, covering early‑stage username/password and phone‑based authentication, detailed flow steps, database schema, and integration of third‑party OAuth (e.g., QQ) while highlighting practical considerations and limitations.

AuthenticationOAuth2database-design

0 likes · 10 min read

How to Build a Unified Multi‑Account Login System with Third‑Party OAuth

21CTO

Jun 11, 2020 · Information Security

Understanding OAuth2: How Access Tokens Secure User Data

This guide walks developers through the OAuth2 workflow, illustrating how users, client applications, resource servers, and authorization servers interact via access tokens to securely protect and grant access to user data, and highlights the critical steps of token issuance and validation.

Authorization ServerOAuth2Resource Server

0 likes · 8 min read

Understanding OAuth2: How Access Tokens Secure User Data

Java High-Performance Architecture

Jun 11, 2020 · Information Security

Understanding OAuth2: How Access Tokens Secure User Data

This article walks through the OAuth2 workflow, explaining why access tokens are needed, the roles of the resource server, client application, and authorization server, and how tokens are requested, issued, validated, and used to protect user data.

Authorization ServerOAuth2Resource Server

0 likes · 7 min read

Java Architecture Diary

May 7, 2020 · Backend Development

How to Customize OAuth 2.0 Token Endpoint in Spring Security

Learn how to retrieve OAuth 2.0 tokens using the password grant, customize the default token endpoint with Spring Security OAuth2, and understand the underlying source code that maps the new endpoint, complete with practical curl commands and Java configuration examples.

JavaOAuth2Token Endpoint

0 likes · 4 min read

How to Customize OAuth 2.0 Token Endpoint in Spring Security

Java Architecture Diary

Apr 29, 2020 · Backend Development

Enforcing Single-Device Login with Spring Security OAuth2

This article explains how to modify Spring Security OAuth2's token service to enforce a single-device login by customizing token creation and key generation logic, removing existing tokens for the same user and ignoring client identifiers, with code examples and deployment steps.

JavaOAuth2Single Sign-On

0 likes · 5 min read

Enforcing Single-Device Login with Spring Security OAuth2

Programmer DD

Apr 21, 2020 · Information Security

Why Spring Is Launching a New Authorization Server and What It Means for Developers

Spring has announced a community‑driven Spring Authorization Server project to fill the gap left by the outdated Spring Security OAuth, aiming to provide modern OAuth support within the Spring ecosystem and inviting contributors to help it succeed.

Authorization ServerOAuth2open-source

0 likes · 3 min read

Why Spring Is Launching a New Authorization Server and What It Means for Developers

Java Architecture Diary

Apr 20, 2020 · Backend Development

How to Customize OAuth2 Tokens with Business Data in Spring Security

This article explains how to extend the default OAuth2 token response by embedding business-related fields such as tenant_id, user_id, and username, and walks through the underlying Spring Security code—including the password grant flow, token creation, and enhancement process—illustrated with code snippets and diagrams.

AuthenticationOAuth2Token Customization

0 likes · 5 min read

How to Customize OAuth2 Tokens with Business Data in Spring Security

Laravel Tech Community

Apr 14, 2020 · Information Security

How to Secure Laravel APIs with Passport: A Complete OAuth2 Guide

This guide explains how to use Laravel Passport to implement OAuth2 authentication for API endpoints, covering installation, database migrations, token generation, client management, scope definition, route protection, JavaScript integration, event handling, and testing with detailed code examples.

API authenticationLaravelOAuth2

0 likes · 25 min read

How to Secure Laravel APIs with Passport: A Complete OAuth2 Guide

Java Architecture Diary

Apr 7, 2020 · Information Security

Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It

The article examines why the demo environment of pig4cloud returns an OAuth2 access token without the expires_in field, contrasts it with a local deployment, analyzes the Spring Security OAuth2 token generation code, and explains that according to the OAuth2 specification the expires_in parameter should be returned even for permanently valid tokens.

OAuth2access_tokenexpires_in

0 likes · 4 min read

Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It

Java Architecture Diary

Apr 6, 2020 · Backend Development

How to Implement SSO Login with Spring Security and Vue: Step‑by‑Step Guide

This article walks through the complete SSO login flow—from the browser request to the SSO server, code exchange, token generation, and front‑end redirection—while detailing front‑end and back‑end code modifications needed for password‑less authentication.

0 likes · 4 min read

How to Implement SSO Login with Spring Security and Vue: Step‑by‑Step Guide

Java Architecture Diary

Mar 18, 2020 · Information Security

How OAuth2 Token Validation, Generation, and Refresh Really Work

This article explains the complete OAuth2 token lifecycle—including how resource servers validate incoming tokens, how the authorization server creates and reuses access tokens, and the mechanisms for passive and active token refresh—complete with Java code examples and practical client‑side strategies.

AuthenticationBackendOAuth2

0 likes · 7 min read

How OAuth2 Token Validation, Generation, and Refresh Really Work

Architecture Digest

Jan 8, 2020 · Information Security

Security Authentication and Authorization Strategies for Microservice Architecture

This article examines the evolution from monolithic to microservice architectures and presents various authentication and authorization solutions—including SSO, distributed sessions, client tokens, JWT, and OAuth 2.0—highlighting their principles, advantages, and practical considerations for securing inter‑service and external access.

JWTMicroservicesOAuth2

0 likes · 19 min read

Security Authentication and Authorization Strategies for Microservice Architecture

Architecture Digest

Jan 2, 2020 · Information Security

Understanding OAuth 2.0: Roles, Grant Types, and Spring Security OAuth2 Client Implementation

This article explains the OAuth 2.0 authorization framework, describes its four core roles and various grant types, and demonstrates how to configure a Spring Security OAuth2 client for GitHub login, including endpoint details, request parameters, and code examples.

AuthorizationBackendGrant Types

0 likes · 22 min read

Understanding OAuth 2.0: Roles, Grant Types, and Spring Security OAuth2 Client Implementation

Java High-Performance Architecture

Dec 27, 2019 · Information Security

Why Basic Auth Fails and How OAuth2+JWT Secures Modern REST APIs

An overview of three RESTful web service security approaches—Basic authentication, OAuth 2.0, and OAuth 2.0 combined with JWT—examining their mechanisms, scalability drawbacks, and why JWT‑based solutions offer superior extensibility for micro‑service architectures, illustrated with Amazon’s token‑signing method.

JWTOAuth2Security

0 likes · 5 min read

Why Basic Auth Fails and How OAuth2+JWT Secures Modern REST APIs

macrozheng

Nov 4, 2019 · Information Security

Master OAuth2 with Spring Cloud Security: Step‑by‑Step Guide

This article introduces Spring Cloud Security and demonstrates how to integrate OAuth2 for single sign‑on, token relay, and token exchange in a Spring Boot application, covering OAuth2 concepts, authorization flows, module setup, configuration, and practical usage of authorization‑code and password grant types with code examples.

BackendJavaOAuth2

0 likes · 11 min read

Master OAuth2 with Spring Cloud Security: Step‑by‑Step Guide

Alibaba Cloud Native

Oct 9, 2019 · Cloud Native

Why Private Docker Image Pull Fails and How K8s Automates It with OAuth

This article explains why private Docker image pulls often fail due to credential handling, walks through the OAuth 2.0 protocol, details Docker login and manifest retrieval steps, and shows how Kubernetes automates secure image pulling using secrets, admission controllers, and the Acr credential helper.

DockerImage Pull SecretsKubernetes

0 likes · 12 min read

Why Private Docker Image Pull Fails and How K8s Automates It with OAuth

Java Architecture Diary

Sep 20, 2019 · Information Security

How to Ensure Consistent OAuth2 Tokens Across Multiple Clients with Custom Key Generation

This article explains how to achieve consistent OAuth2 token handling across multiple clients and tenants by customizing the token key generation, overriding DefaultTokenServices logic, and configuring a RedisTokenStore with a custom AuthenticationKeyGenerator in a Spring Boot application.

JavaOAuth2redis

0 likes · 5 min read

How to Ensure Consistent OAuth2 Tokens Across Multiple Clients with Custom Key Generation

Java Architecture Diary

Aug 30, 2019 · Backend Development

Simplify OAuth2 Setup with Spring Cloud Hoxton: A Step‑by‑Step Guide

This tutorial walks you through building a lightweight OAuth2 authentication server using Spring Cloud Hoxton, covering required dependencies, web security configuration, client details, grant types, testing with the password flow, and key insights on Spring Security password handling.

AuthenticationBackendJava

0 likes · 4 min read

Simplify OAuth2 Setup with Spring Cloud Hoxton: A Step‑by‑Step Guide

Java Architecture Diary

Aug 24, 2019 · Backend Development

Simplify OAuth2 Authentication with Spring Cloud Hoxton: A Step‑by‑Step Guide

Learn how to quickly set up an OAuth2 authentication server using Spring Cloud Hoxton, including Maven dependencies, web security configuration, client details, and password‑grant testing, while also covering Spring Security’s {noop} password handling and providing useful code snippets for developers.

Authentication ServerJavaOAuth2

0 likes · 4 min read

Simplify OAuth2 Authentication with Spring Cloud Hoxton: A Step‑by‑Step Guide

Java Captain

Jul 23, 2019 · Backend Development

Design and Implementation of a Multi‑Account Login System with Third‑Party Integration

This article explains the technical solutions, workflow diagrams, and database schema for building a multi‑account login system that supports username/password, phone‑number, and third‑party (e.g., QQ, WeChat) authentication, while outlining security measures such as password hashing, login throttling, and token management.

BackendDatabase designOAuth2

0 likes · 10 min read

Design and Implementation of a Multi‑Account Login System with Third‑Party Integration

Java Architecture Diary

Apr 16, 2019 · Information Security

Demystifying Spring Security OAuth: Core Classes and Token Generation Flow

This article walks through Spring Security OAuth's core classes, explaining how the TokenEndpoint processes /oauth/token requests, validates client details, builds TokenRequests, delegates to TokenGranters, and ultimately generates and returns an OAuth2 access token.

JavaOAuth2Token Generation

0 likes · 11 min read

Demystifying Spring Security OAuth: Core Classes and Token Generation Flow

Java Architecture Diary

Mar 28, 2019 · Backend Development

How to Customize OAuth2 Tokens with Business Data in Spring Cloud

This article explains how to extend the default OAuth2 token response by adding business-related fields such as tenant, user, and department IDs, and walks through the relevant Spring Cloud source code that generates and enhances tokens for improved performance and security.

BackendOAuth2Security

0 likes · 6 min read

How to Customize OAuth2 Tokens with Business Data in Spring Cloud

Java Architecture Diary

Mar 20, 2019 · Information Security

Extending Spring OAuth2 Token Validation to Populate Full User Details

This article explains how to customize the default OAuth2 check‑token flow in Spring Cloud by extending the token converter to assemble complete user information—including IDs, department and tenant data—directly into the security context, eliminating extra database queries and improving performance.

AuthenticationJavaOAuth2

0 likes · 5 min read

Extending Spring OAuth2 Token Validation to Populate Full User Details

Java Architecture Diary

Mar 19, 2019 · Information Security

Eliminate OAuth2 Check‑Token Bottleneck with JWT and Custom Token Services

This article explains how the default OAuth2 check‑token flow creates a performance bottleneck, then shows how to extend JWT tokens with user details via a custom TokenEnhancer and replace RemoteTokenServices with a custom ResourceServerTokenServices, including configuration, code examples, and the security trade‑offs of using JWT.

JWTOAuth2Resource Server

0 likes · 7 min read

Eliminate OAuth2 Check‑Token Bottleneck with JWT and Custom Token Services

Java Architecture Diary

Mar 12, 2019 · Backend Development

Build a Scalable RBAC System with Spring Cloud Finchley & OAuth2

This open‑source project offers a Spring Cloud Finchley‑based RBAC permission system using Spring Security OAuth2, a data‑driven Element‑ui front‑end that works without Vue experience, and full container support (Docker, Kubernetes, Rancher2) plus production‑ready lambda, Stream API and WebFlux examples, with detailed dependency listings and contribution guidelines.

DockerOAuth2RBAC

0 likes · 2 min read

Build a Scalable RBAC System with Spring Cloud Finchley & OAuth2

Programmer DD

Feb 28, 2019 · Information Security

Secure Your Spring Cloud Microservices with OAuth2: A Step‑by‑Step Guide

This article explains how to protect Spring Cloud microservices using OAuth2 by configuring an API gateway, an authorization server, and a simple account service, providing a complete token‑based security solution with code examples and testing instructions.

MicroservicesOAuth2Security

0 likes · 9 min read

Secure Your Spring Cloud Microservices with OAuth2: A Step‑by‑Step Guide

ITFLY8 Architecture Home

Dec 4, 2018 · Information Security

How to Secure Microservices: From SSO to JWT and OAuth2 Explained

This article explores the evolution of authentication and authorization from monolithic to microservice architectures, comparing traditional session-based methods with modern token solutions like JWT and OAuth2, and provides practical guidance on implementing secure, scalable access control across dozens of services.

AuthorizationJWTMicroservices

0 likes · 18 min read

How to Secure Microservices: From SSO to JWT and OAuth2 Explained

Java Captain

Sep 17, 2018 · Backend Development

Implementing WeChat QR Code Login with Spring Boot and Thymeleaf

This tutorial explains how to build a WeChat QR‑code login system using Spring‑Boot, Thymeleaf, HttpClient and JSON, covering preparation steps, project configuration, OAuth2 flow, code examples for generating QR pages, handling callbacks, and customizing the login experience.

JavaOAuth2QR login

0 likes · 10 min read

Implementing WeChat QR Code Login with Spring Boot and Thymeleaf

Full-Stack Internet Architecture

Jul 30, 2018 · Information Security

Understanding OAuth2.0 Authorization Code Grant Flow

This article explains the OAuth2.0 authorization code grant flow, using a Douban‑QQ login example to illustrate the three-step process from client request to token exchange and user information retrieval, and provides a simple reference implementation on GitHub.

AuthenticationAuthorization CodeOAuth Flow

0 likes · 7 min read

Understanding OAuth2.0 Authorization Code Grant Flow

Programmer DD

Apr 23, 2018 · Information Security

When Should You Really Use JWT? Practical Insights and Common Pitfalls

This article explains JWT fundamentals—encoding, signature, and encryption—examines suitable use‑cases such as one‑time verification and stateless API authentication, discusses token leakage, secret design, logout handling, renewal strategies, and compares JWT with traditional session and OAuth2 approaches.

JWTOAuth2Session

0 likes · 15 min read

When Should You Really Use JWT? Practical Insights and Common Pitfalls

Architecture Digest

Sep 5, 2017 · Information Security

Security Authentication and Authorization Strategies for Microservice Architecture

This article examines the challenges of securing microservice architectures and compares various authentication and authorization approaches—including SSO, distributed sessions, client‑token schemes, JWT, and OAuth 2.0—to help developers choose suitable solutions for efficient and fine‑grained access control.

AuthenticationAuthorizationJWT

0 likes · 15 min read

Programmer DD

Aug 11, 2017 · Backend Development

How @EnableResourceServer Configures OAuth2 Token Validation in Spring Security

This article breaks down the internal workflow of Spring Security’s @EnableResourceServer, explaining how OAuth2 tokens are extracted, validated, and turned into authentication objects through ResourceServerSecurityConfigurer, OAuth2AuthenticationProcessingFilter, OAuth2AuthenticationManager, and related components.

AuthenticationJavaOAuth2

0 likes · 11 min read

How @EnableResourceServer Configures OAuth2 Token Validation in Spring Security

Programmer DD

Aug 9, 2017 · Information Security

Secure Spring Boot APIs with OAuth2: A Hands‑On Tutorial

This article walks through building a Spring Boot application that protects HTTP endpoints using OAuth2, covering password and client‑credentials flows, Maven setup, resource and authorization server configuration, in‑memory users, token retrieval, and accessing secured resources with detailed code examples.

API SecurityClient CredentialsJava

0 likes · 13 min read

Secure Spring Boot APIs with OAuth2: A Hands‑On Tutorial

21CTO

Jul 20, 2017 · Backend Development

How JD’s 京麦 Platform Achieves High‑Performance API Gateways and Reliable Messaging

This article explains how JD’s 京麦 open platform evolved from a simple Nginx‑Tomcat deployment to a decentralized, high‑performance API gateway and robust TCP‑based messaging system, detailing architectural choices such as OAuth2, ZooKeeper‑driven metadata, multi‑level rate limiting, Protobuf, and Netty‑powered push services.

OAuth2TCPhigh concurrency

0 likes · 12 min read

How JD’s 京麦 Platform Achieves High‑Performance API Gateways and Reliable Messaging

Efficient Ops

Sep 6, 2016 · Information Security

How to Secure Microservice Access: Design Principles and Practical Solutions

This article examines the evolution from traditional monolithic access security to modern microservice architectures, outlines key design principles, compares four common authentication schemes, and demonstrates a Spring Cloud Security implementation using OAuth2 and UAA for fine‑grained, token‑based protection.

AuthenticationMicroservicesOAuth2

0 likes · 17 min read

How to Secure Microservice Access: Design Principles and Practical Solutions

21CTO

Feb 27, 2016 · Information Security

How Attackers Exploit Sina Weibo OAuth to Hijack User Accounts

This article examines common security pitfalls when integrating Sina Weibo OAuth for user login and account binding, illustrating CSRF vulnerabilities and code‑theft attacks through real‑world examples on Bilibili, NetEase Cloud Music, and Zhihu, and offers mitigation recommendations.

CSRFOAuth2Security Vulnerability

0 likes · 10 min read

How Attackers Exploit Sina Weibo OAuth to Hijack User Accounts

Java High-Performance Architecture

Oct 29, 2015 · Information Security

How OAuth2 Secures Third‑Party Access: A Complete Guide

OAuth2 provides a secure, open standard that lets third‑party applications obtain limited user access without exposing passwords, using a token‑based flow involving resource owners, clients, resource servers, and authorization servers, illustrated through a step‑by‑step authorization process.

APIAuthorizationOAuth2

0 likes · 4 min read

How OAuth2 Secures Third‑Party Access: A Complete Guide