In this second part I made a more complex example that is closer to real-life use: a web app that gets its users from a database and stores the clients and tokens in the database instead of memory, so it's more scalable.

Features:
1- users & roles in the database
2- OAuth-related info stored in the database (tokens, clients, approvals, etc.)
3- two APIs: a- cats API, b- dogs API; each of these can be accessed only if the access token has the proper scope (cats scope and dogs scope)

The app uses an H2 in-memory database so that it is self-contained and no external setup is required.

Here is the source code: https://github.com/blabadi/oauth2lw-parent/tree/master/oauth2lw-client-jdbc

Showcase:
1- get an access token with scope cats:
a- get the auth code: go to localhost:8080/oauth/authorize?response_type=code&client_id=cats-client&redirect_uri=http://localhostcats/redirect
2- log in with a user
3- approve the scopes
4- get the authorization code
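The client side of the steps above, as an added example that is not part of the original post or its repository: it builds the /oauth/authorize request with an explicit scope and a random state value, then validates the redirect before accepting the authorization code. The redirect URI, the scope and state parameters, and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_ENDPOINT = "http://localhost:8080/oauth/authorize"  # from the post
CLIENT_ID = "cats-client"                                      # from the post
# Constructed placeholder; it must equal the URI registered for the client.
REDIRECT_URI = "http://localhost:9000/redirect"


def build_authorize_url(scope="cats"):
    """Step 1: return (url, state). Keep state in the user's session."""
    state = secrets.token_urlsafe(24)  # unguessable, ties response to request
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def extract_code(callback_url, expected_state):
    """Step 4: validate the redirect and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # e.g. access_denied when the user rejects the scopes
        raise PermissionError(params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    url, state = build_authorize_url()
    print("open in a browser:", url)
    # Constructed callback, standing in for the redirect after approval.
    print(extract_code(f"{REDIRECT_URI}?code=sample-code&state={state}", state))
```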