I plan to use OAuth2 for my application. The architecture I'm trying to implement is as follows:
- I will have my own (and only this one) authorization server
- Some resource applications that check access to their resources using the authorization server
- Some client applications (web, mobile) that redirect the user to the authorization server for authentication and, on success, consume the API of the resource applications.
So far, I have managed to implement this interaction between the 3 main applications (1 auth server, 1 resource server and 1 client). What I am not getting is the logout function. I read about the "notoriously difficult problem" that Dave Syer describes in his tutorial, but in this case I really need the user to log in again after logging out. I tried issuing an access token and a refresh token that last only a few seconds, but instead of being asked to log in again when the expiration date is reached, I get an NPE in the client application. I also tried the solutions suggested in this post to remove the token from the token store, but it does not work. Single sign-on is the desired behavior for this implementation. How can I achieve this using Spring Boot OAuth2? If for some reason this is not possible, what alternatives could I use to implement centralized security with Spring Boot?
Thanks in advance.
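One way to make logout both revoke the token on the authorization server and clear the client's cached copy, as an added example that is not from the question or from Spring's own samples. It assumes the legacy spring-security-oauth2 classes (`ConsumerTokenServices`, `OAuth2ClientContext`, `OAuth2RestTemplate`); the `/oauth/token` DELETE path and the `auth.example.test` host are placeholders chosen here.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

// Authorization server: revoke the bearer token presented with the request.
@RestController
class TokenRevocationController {
    private final ConsumerTokenServices tokenServices; // e.g. the DefaultTokenServices bean
    TokenRevocationController(ConsumerTokenServices tokenServices) { this.tokenServices = tokenServices; }

    @DeleteMapping("/oauth/token") // path chosen for this example, not a Spring default
    public ResponseEntity<Void> revoke(@RequestHeader("Authorization") String authorization) {
        if (!authorization.startsWith("Bearer ")) return ResponseEntity.badRequest().build();
        // Removes the access token and its linked refresh token from the TokenStore,
        // so resource servers stop accepting it immediately.
        boolean removed = tokenServices.revokeToken(authorization.substring(7).trim());
        return removed ? ResponseEntity.noContent().<Void>build() : ResponseEntity.notFound().<Void>build();
    }
}

// Client application: revoke remotely, then drop the cached token and the local session, so the
// next request redirects to the authorization server instead of reusing a dead token (the NPE).
@Controller
class ClientLogoutController {
    private static final String REVOKE_URL = "https://auth.example.test/oauth/token"; // placeholder
    private final OAuth2RestTemplate restTemplate;   // built from the client's resource details
    private final OAuth2ClientContext clientContext;
    ClientLogoutController(OAuth2RestTemplate restTemplate, OAuth2ClientContext clientContext) {
        this.restTemplate = restTemplate;
        this.clientContext = clientContext;
    }

    @PostMapping("/logout")
    public String logout(HttpServletRequest request, HttpServletResponse response) {
        if (clientContext.getAccessToken() != null) {
            try {
                restTemplate.delete(REVOKE_URL); // OAuth2RestTemplate attaches the bearer header
            } catch (RuntimeException e) { /* already expired or revoked; local cleanup still runs */ }
            clientContext.setAccessToken(null);
        }
        new SecurityContextLogoutHandler().logout(request, response,
                SecurityContextHolder.getContext().getAuthentication()); // ends the client HttpSession
        return "redirect:/";
    }
}
```

Note that the authorization server keeps its own HttpSession: unless the user is also logged out there, the next redirect will re-authenticate silently without showing the login page.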