Creating Custom OpenId Provider for Oauth2 Spring Boot

Question

I have used Oauth2 framework for authorization and access control for protecting my spring boot microservice api\'s. Oauth2 framework is working fine but now my Client wants a d

Answer 1

According to "OAuth 2.0 Features Matrix" in spring-projects/spring-security, Spring Framework is not a good starting point for OpenID Connect. None of the new projects (Spring Security, Spring Cloud Security and Spring Boot OAuth2) supports Authorization Server. On the other hand, the old project (Spring Security OAuth) has architectural problems that prevent OpenID Connect support.

The website of OpenID Connect says "OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol." This sentence may give an impression that OpenID Connect can be implemented on top of an existing OAuth 2.0 implementation step by step. However, it's not true. One evidence is spring-security-oauth Issue 619 where you see the project has given up supporting OpenID Connect. If interested, see "5. Response Type" in "Full-Scratch Implementor of OAuth and OpenID Connect Talks About Findings" for further details.

There exist many implementations that support OpenID Connect. Why don't you check the list of certified implementations?

Update (November 14, 2019):

The Spring Security team has decided to no longer provide support for authorization servers. See their announce for details.