Live Online Event

OAuth2 Security for the Spring API

Hosted by: Eugen Paraschiv

Secure a Spring REST API with OAuth2 + JWT

With Eugen Paraschiv



Wednesday: October 11

11:00AM - 12:00PM Pacific (Los Angeles)

01:00PM - 02:00PM Central (Chicago)

02:00PM - 03:00PM Eastern (New York)

  1. We'll start with the foundations of OAuth2 and how we can apply it to a REST API
  2. We'll talk about the available OAuth2 flows and which of these we can actually use for an API
  3. We'll understand the OAuth2 main actors and we'll start with a simple but fully functional Spring Security implementation
  4. We'll dive deeper into tokens, their role within an OAuth2 implementation, and how to handle them correctly within our Spring Security solution
  5. We'll go through a real interaction with the secured API and see exactly how we can retrieve an Access Token and then use it to access protected resources
  6. We'll switch from the standard token implementation to a JSON Web Token (JWT) implementation within our API Security configuration
  7. Finally, we'll explore some real-world attacks using Cross-Site Request Forgery, first without and then with the CSRF protection available in Spring Security