OAuth 2.0 for Java Developers: Explore, Learn, and Experiment!

Java Security Playground: Learn and Experiment with OAuth 2.0!” is a hands-on learning experience that allows developers to explore and experiment with OAuth 2.0 security concepts in a local playground environment. This includes diving under the hood of OAuth 2.0, studying real-world examples, and implementing OAuth 2.0 security with Spring Boot and Spring Authorization Server. With this playground, Java developers can gain practical experience in securing their applications with OAuth 2.0, all in a safe and controlled environment.

01 - Introduction

• Introduction
• Objective

02 - Playground

• Start playground
• Hello Token example
• Playground architecture
• User journeys

03 - Tokens

• Access tokens
• Refresh Tokens
• Scope
• ID Token vs Access Tokens

04 - OAuth Grant types

• Authorization code
• PKCE
• Client credentials - Resource access using opaque tokens
• Client credentials - Resource access using self contained tokens (JWT)
• Device token
• Refresh Token
• JWT bearer
• Implicit flow (Legacy)
• Password grant (Legacy)

04 - Client Types

• confidential clients
• public clients

05 - Client Authentication

• Client secret basic (Client ID / Secret)
• Client secret post (Client ID / Secret)
• Client secret basic vs Client secret post
• Private key JWT
• mutual TLS
• Mutual TLS (TLS bound token) VS Client secret post

06 - Token management

• Token introspection
• Token revocation

07 - Proof of possession

• tls-bound-token (mTLS)
• Demonstration of Proof-of-Possession(DPoP)

08 - Auth2 vs OpenID