Securing REST API using Keycloak and Spring Oauth2

Keycloak is Open Source Identity and Access Management Server, which is a OAuth2 and OpenID Connect(OIDC) protocol complaint. Keycloak documentation suggest 3 ways to secure Spring based REST APIS. Using Keycloak Spring Boot Adapter Using keycloak Spring Security...

如果accessToken放Client端,refreshToken存储在服务器,那么会违背微服务的无状态构架初衷。 accessToken和refreshToken统一放在Client端,可以遵循微服务无状态构架。 两种情况都可以通过accessToken来延长refreshToken,做到长时间保持登录状态的需求。


OAuth 2 Password Credentials&Client Credentials

In microservices, the front service should use the Authorization Code(Grant Type) to let users log in with the web browser, and other services in the background should use Client Credentials(Grant Type).

[汇总]Spring Security和OAuth2

WeChat Website Login with Barcode

This article will show you how to integrate WeChat login with your website. 1. Register develop account Register an account at and apply for verification, it takes several days.