Showing posts from security

Securing isolated systems: Caveats of using plain OAUTH flows and how to solve them

Securing isolated systems: Caveats of using plain OAUTH flows and how to solve them

While OIDC and OAUTH are well-known standards, they don’t fit every purpose “out of the box.” In businesses with special regulations like banking, health care, etc., non-functional requirements to auth can be challenging. Different solutions and ways were evaluated to create a new identity provider for a medical network. The first approach was “just” using simple OAUTH by its most famous Authorization Code Flow. Of course, it failed fast, and I’ll show why and how we solved it in this post.

The Spring Security Oauth2 Blues - Simplicity

The Spring Security Oauth2 Blues - Simplicity

I personally like the Spring Framework and its security components, because it’s pretty full-featured and easy to use, but when it comes to Spring Security OAuth2, there’s a huge quality breakdown. In this (probably series) of blogposts, I’ll try to sum up the good, the bad, the evil and why I ended up completely dropping Spring Security OAuth2.