This content originally appeared on Scotch.io RSS Feed and was authored by Brian Demers
The topic of validating an OAuth 2.0 access tokens comes up frequently on the Okta developer blog. Often we talk about how to validate JSON Web Token (JWT) based access tokens; however, this is NOT part of the OAuth 2.0 specification. JWTs are so commonly used that Spring Security supported them before adding support for remotely validating tokens (which is part of the OAuth 2.0 specification.)
In this post, you will build a simple application that takes advantage of both types of validation.
Prerequisites
Should I Validate Access Tokens Locally or Remote?
Whether you should validate access tokens locally (e.g., a JWT) or remotely (per spec) is a question of how much security you need. Often, people jump to, "I need all of the securities!" This statement simply isn't true—how much sec
This content originally appeared on Scotch.io RSS Feed and was authored by Brian Demers
Brian Demers | Sciencx (2020-06-30T00:09:23+00:00) JWT vs Opaque Access Tokens: Use Both With Spring Boot. Retrieved from https://www.scien.cx/2020/06/30/jwt-vs-opaque-access-tokens-use-both-with-spring-boot/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.