The Spring Authorization Server project provides support for the OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0, and numerous extension specifications.
The primary goal of this talk is to demonstrate how to securely configure a Spring Authorization Server deployment using identified trust boundaries. The IETF draft, OAuth 2.0 Security Best Current Practice, will be referenced and recommendations will be provided for preventing attacks and implementing mitigations using defense-in-depth strategies.
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2 and OpenID Connect support in Spring Security and Spring Authorization Server.