Spring 中的 oAuth2 令牌验证/验证
问题描述:
如果授权服务器和资源服务器驻留在不同的机器上,Spring 是否提供预构建的令牌验证/验证方式?有最佳实践吗?在资源服务器可以调用验证的授权服务器上创建我自己的服务,你怎么看?
Does Spring provide a pre-built way of token validation/verification if the authorization server and resource server reside on different boxes? Is there a best practice? What do you think about creating my own service at the authorization server that the resource server can call for validation?
答
需要吗?资源服务器的 OAuth2ProtectedResourceFilter 应该根据授权服务器用来存储令牌的同一个数据库来验证令牌.
Is that needed? The Resource Server's OAuth2ProtectedResourceFilter should validate the token against the same database that the Authorization Server used to store the token.