We have a service that is written in spring boot and currently uses kerberos/spnego with keytab to authenticate. I was trying to replace this with Oauth2 framework and since there is no UI for the API and it is mostly service Id to be authenticated, I am in a dilemma to how to proceed. I read somewhere that I can use JWT. Should I make use of JWT to get the access token? Can someone please show me a direction? Or there any sample examples that I can follow?
Thanks,
pbale
This seems to be a typical case for OAuth2 client-credentials flow (no user).
The easiest option is probably using
client-idandclient-secretbut both Keycloak and Spring Security support other options.Add
spring-boot-stater-clientto your dependencies and then open the doc.Note that you have a choice of REST clients in Spring: RestTemplate (but in maintenance mode), WebClient (better adapted to reactive apos), @FeignClient (from Spring Cloud), RestClient (not quite mature yet), etc. Each having its own integration with the
OAuth2AuthorizedClientManagerto get access tokens. So open the doc of the one you choose, too.