The New Spring Authorization Server with Kotlin

A practical survey of OAuth 2 authorization with the new Spring project

Yanneck Reiß
CodeX


Although they are often mixed up, authentication and authorization are two different processes.

Authentication is the process of identifying who is accessing a resource. Authorization, on the other hand, determines which resources are allowed to be accessed.

The OAuth 2.0 Authorization Framework is the industry-standard protocol for implementing a flow that grants limited access to specific resources. The access permission itself can be scoped at a fine-grained level.

The participants in a common authorization flow are the following:

  • Client application
  • Resource Owner (User)
  • Resource Server
  • Authorization Server

Figure: Simplified authorization flow principle

The Spring Authorization Server is a community-driven project and is meant to be used as a standalone application. With its recent release, it was promoted from Spring’s experimental projects to a regular Spring project.
