Secure Spring RESTful API with OAuth2 Google Authorization Server

Question

Secure Spring RESTful API with OAuth2 Google Authorization Server

I plan to create an application with a Spring RESTful API server and client on AngularJS.

I would like to protect my Spring RESTful API using the Google OAuth2 authorization server.

I have an architectural question:

After successfully logging into Google, I get accessToken from the Google OAuth2 authorization server. Do I need to transfer this accessToken to my client application (AngularJS), or do I need to enter my own security level in my backend application (for example, with JWT) and based on Google accessToken release my own jwtToken and transfer this token to my client application?

In other words, is it safe to show Google access to my client with an AngularJS application and use it for authentication in my own RESTful API?

Also, in the case of my RESTful API, do I need to check the Google accessToken with the Google Auth server after every call from my client application (AngularJS) to my secure RESTful API?

+4

java angularjs rest spring-security-oauth2 oauth2

alexanoid Jan 6 '16 at 12:05

source share

1 answer

galovics · Accepted Answer · 2017-02-22T11:17:16+0000

Is it safe to show access with Google for my AngularJS application and use it for authentication in my own RESTful API?

This is not your access token in fact, it is intended for use by your client. It is completely safe to give them a token, as they MUST send a token to your server with every request. This is due to the nature of REST.

API RESTful Google accessToken Google Auth (AngularJS) RESTful API?

, Google, . , . , , ..

REST Google OAuth 2

Secure Spring RESTful API with OAuth2 Google Authorization Server

More articles: