Spring Boot OAuth2 Client Mutual TLS — Client Credentials Grant

Karanbir Singh
Jul 19, 2020

Agenda

Continuing from the previous article, I wondered: what if the Authorization Server's token URL endpoint is Mutual TLS protected? How do we make that work?
The findings were a little tricky, but I figured it out using the customization that Spring Boot supports.

Prerequisites (same as the previous article)

  1. Knowledge of Spring Boot and Java.
  2. Good understanding of OAuth2 concepts.
  3. Some understanding of reactive programming.
  4. JDK 11 installed (I tried using JDK 11 only), though JDK 8 should also work.
  5. Authorization Server setup is out of scope.
  6. The resource server is out of scope, but can be referenced from the previous article.

There can be three scenarios

Scenario 1 — Only the resource server is mutual TLS protected.
