- https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- http://nordicapis.com/how-to-control-user-identity-within-microservices/
- http://jwt.io/introduction/
- http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/
- https://tools.ietf.org/html/rfc6749
- https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
- http://code.tutsplus.com/articles/oauth-20-the-good-the-bad-the-ugly--net-33216
OAuth defines four grant types:
- authorization code,
- implicit,
- resource owner password credentials, and
- client credentials.
It also provides an extension mechanism for defining additional grant types.
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit", "client_credentials")
- https://github.com/absolutegalaber/jwt-oauth2-example
- https://spring.io/blog/2014/11/07/webinar-replay-security-for-microservices-with-spring-and-oauth2
- https://github.com/dsyer/sparklr-boot
- http://cloud.spring.io/spring-cloud-security/#quick-start
- https://github.com/dynamind/spring-boot-security-oauth2-minimal
- http://callistaenterprise.se/blogg/teknik/2015/04/27/building-microservices-part-3,%20secure%20API's%20with%20OAuth/
- http://projects.spring.io/spring-security-oauth/docs/oauth2.html
- http://docs.spring.io/spring-security/site/docs/4.0.4.CI-SNAPSHOT/reference/htmlsingle/
http://www.mkyong.com/spring-security/spring-security-limit-login-attempts-example/