The Spring Authorization Server project provides support for OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0, and the numerous extension specifications.
The primary goal of this talk is to demonstrate how to securely configure a Spring Authorization Server deployment using identified trust boundaries. The IETF draft, OAuth 2.0 Security Best Current Practice, will be referenced and recommendations will be provided for preventing attacks and implementing mitigations using defensive, in-depth strategies.
The following will be discussed and demonstrated:
- Current features
- Starting up with default configuration
- Customizing the configuration
- Adding custom features via extension
- Feature roadmap