My requirement is to implement oauth 2 using spring boot.
It's for dynamic client registration(client id ,client secret ….) to be stored in the database, not in memory.
The first option I see is using spring-security-oauth2. But as per docs
https://spring.io/projects/spring-security-oauth.
It says Spring Security OAuth is deprecated and The latest OAuth 2.0 support is provided by Spring Security.
Spring Security OAuth being deprecated I won’t be using it for my current implementation.
Now the option I have now is to use it from Spring Security. Bu as per docs https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide it says Spring Security doesn’t provide Authorization Server support.
Now here I am confused about what shall I do either use Spring Security OAuth which is deprecated or wait for Spring Security to provide Authorization Server support. I want to have advice from an expert . Is there any tutorial to achieve it without Spring Security OAuth?
There is a new project to create a Spring Security new Authorization Server: https://github.com/spring-projects-experimental/spring-authorization-server However its a long way off being completed.
I gather since your only going to be using "client credentials" grant, you could use the deprecated Authorization Server, I use it for small internal applications, works well for simple use cases, and it's very customizable. e.g. project: https://github.com/wlesniak/effective-oauth2-with-spring-security-and-spring-boot/tree/master/module_4
Your other option, especially if you want to use OpenID connect, and the latest Oauth features, would be a 3rd party Auth server like: keycloak Its opensource, and developed by Red Hat, great product all the bells and whistles, and has good spring support, easy to configure.