问题
I am recently learning about OAuth2. Basically I am using Angular client side, and Backend Spring Boot Rest API.
I am having some little confusion regarding login form.
Normally when we use 3rd party REST Api like Facebook or Google Rest API, these APIs use auth code flow, and these REST Apis provide client a login form, once user authorized, then only they can access resources.
In my app, I am not using any 3rd party Rest api, instead I am creating Authorization/Resource server and I am using auth code flow. so if a Angular client makes a rest call for Backend resource server, does login form should be displayed by Authorization server? (like FB or Google Authorization servers do)
Orelse client will create a login page using angular, once they logged in, then only auth code flow should happen?
In short, my query is: Who is responsible to create login form to get accessToken? Authorization server or Angular?
If My Resource server Rest API using another 3rd party REST api (say Facebook or google). so should I go auth code flow or client credentials flow?
EDIT:
I have seen many examples out there combination of Spring Boot and Angular, in those examples login form created from Angular only.
回答1:
It should be part of Authorization server to route you to their login form and on successful user login , should return back to angular app with auth token (jwt token) which you can use to authorize api calls.
回答2:
Who is responsible to create login form to get accessToken? Authorization server or Angular?
You need to generate a token from the Authorization server (Spring Boot API Server)
If My Resource server Rest API using another 3rd party REST api (say Facebook or google). so should I go auth code flow or client credentials flow?
It will be Auth code flow, but you need to manage the URL pattern for authentication.
来源:https://stackoverflow.com/questions/61905190/who-is-responsible-to-create-login-form-to-get-accesstoken-authorization-server