, 2021

2021 Breakout Sessions

Getting Started with Spring Authorization Server


Track: Intermediate/Advanced Spring

The Spring Authorization Server project provides support for OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0, and the numerous extension specifications.

The primary goal of this talk is to demonstrate how to securely configure a Spring Authorization Server deployment using identified trust boundaries. The IETF draft, OAuth 2.0 Security Best Current Practice, will be referenced and recommendations will be provided for preventing attacks and implementing mitigations using defensive, in-depth strategies.

The following will be discussed and demonstrated:

  • Current features
  • Starting up with default configuration
  • Customizing the configuration
  • Adding custom features via extension
  • Feature roadmap

Joe Grandja

Spring Security Engineer

Steve Riesenberg

Software Engineer