Spring Security — OAuth2 — MongoDB

Eric Anicet
5 min read · Jun 7, 2021

The main purpose of this story is to show how to secure a Spring Boot microservice using Spring Security, OAuth2 and MongoDB.

Prerequisites

  • Spring Boot 2.4
  • Maven 3.6.+
  • Java 11
  • Mongo 4.4

OAuth2 Overview

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. — https://datatracker.ietf.org/doc/html/rfc6749

OAuth2 Roles:

OAuth2 defines four roles:

  • Resource Owner: The owner of the resource. When the resource owner is a person, it is referred to as an end-user.
  • Resource Server: The server hosting the resources protected by the OAuth2 token.
  • Client: The application requesting an access token.
  • Authorization Server: This is the server issuing access tokens to the client after successfully…