OAuth2: how to authenticate the Authorization Server itself?
Let's say that the OAuth2 Authorization Server is being developed as a separate application (in the form of a Reverse Proxy that checks the Access Token and forwards the request to a separate Resource Server).
Let's say both the Authorization Server and the Resource Server are hosted in a public Cloud (for example, as 2 separate applications on Heroku) and are accessible from the Internet.
Question: What is the best way to ensure that only the Authorization Server (as a trusted application) can connect and use the Resource Server?
Ideally, without using heavy dependencies in the Resource Server (such as Spring Security).
Client Authentication via Client Certificate is out of the question - Heroku does not support this method.
VPN is also impossible to provide between applications in the public Cloud.
I considered Digest, but for some reason SHA-256 in Spring Security requires additional configuration (insecure MD5 is used by default); this somewhat warns me off tying the solution to Digest authorization.
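An added example, not from the thread, of the Digest-with-SHA-256 scheme mentioned above, written as the Resource Server would check it without Spring Security (the names DigestVerifier, parse_digest, digest_response, the realm and the shared credential are this example's own assumptions): the proxy computes the RFC 7616 response, the Resource Server recomputes it over a nonce it issued itself, refuses MD5 and replayed nonce counters, and compares in constant time.

```python
import hashlib
import hmac
import re
import secrets

def _h(data):  # H() of RFC 7616 with algorithm=SHA-256
    return hashlib.sha256(data.encode()).hexdigest()
def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """Proxy side: the 'response' value for algorithm=SHA-256, qop=auth."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def parse_digest(header):
    """Parse 'Digest k="v", k=v, ...' into a dict (ValueError if not Digest)."""
    if not header.startswith("Digest "):
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', header[7:])
    return {k: q or u for k, q, u in pairs}

class DigestVerifier:
    """Resource Server side: issues nonces, checks Authorization headers."""
    def __init__(self, realm, credentials):
        self.realm, self.credentials = realm, credentials  # {username: password}
        self.nonces = {}  # nonce -> highest nc accepted, to refuse replays

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return f'Digest realm="{self.realm}", qop="auth", algorithm=SHA-256, nonce="{nonce}"'

    def verify(self, header, method, uri):
        try:
            p = parse_digest(header)
            nc = int(p.get("nc", ""), 16)
        except ValueError:
            return False
        if p.get("algorithm") != "SHA-256" or p.get("qop") != "auth":
            return False  # refuse MD5 and the legacy no-qop form outright
        if p.get("realm") != self.realm or p.get("uri") != uri:
            return False
        nonce, pw = p.get("nonce"), self.credentials.get(p.get("username"))
        if pw is None or nonce not in self.nonces or nc <= self.nonces[nonce]:
            return False  # unknown user, unknown nonce, or replayed counter
        expected = digest_response(p["username"], self.realm, pw, method, uri,
                                   nonce, p["nc"], p.get("cnonce", ""))
        if not hmac.compare_digest(expected, p.get("response", "")):
            return False
        self.nonces[nonce] = nc  # consume this counter value
        return True
```

The shared credential still has to reach both Heroku apps as a config secret; the nonce table here is in-process, so a multi-dyno Resource Server would need it in shared storage.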