authentication / authorization links

authorization-authentication.md

token based authentication with jwt:

• https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication
• https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
• http://nordicapis.com/how-to-control-user-identity-within-microservices/
• http://jwt.io/introduction/

oauth 2.0

• http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/
• https://tools.ietf.org/html/rfc6749
• https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
• http://code.tutsplus.com/articles/oauth-20-the-good-the-bad-the-ugly--net-33216

oauth grant types (from rfc6749)

OAuth defines four grant types:

• authorization code,
• implicit,
• resource owner password credentials, and
• client credentials.

It also provides an extension mechanism for defining additional grant types.

spring authorization grant types

.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit", "client_credentials")

sprint oauth 2.0 examples with Java Spring

• https://github.com/absolutegalaber/jwt-oauth2-example
• https://spring.io/blog/2014/11/07/webinar-replay-security-for-microservices-with-spring-and-oauth2
• https://github.com/dsyer/sparklr-boot
• http://cloud.spring.io/spring-cloud-security/#quick-start
• https://github.com/dynamind/spring-boot-security-oauth2-minimal
• http://callistaenterprise.se/blogg/teknik/2015/04/27/building-microservices-part-3,%20secure%20API's%20with%20OAuth/
• http://projects.spring.io/spring-security-oauth/docs/oauth2.html
• http://docs.spring.io/spring-security/site/docs/4.0.4.CI-SNAPSHOT/reference/htmlsingle/

nginx auth request

• http://nginx.org/en/docs/http/ngx_http_auth_request_module.html

http://www.mkyong.com/spring-security/spring-security-limit-login-attempts-example/

Websocket Authentication: cookie/storage vs token

https://auth0.com/blog/2014/01/15/auth-with-socket-io/