oauth 2.0 – spring-security-oauth2 vs spring-cloud-starter-oauth2

oauth 2.0 – spring-security-oauth2 vs spring-cloud-starter-oauth2

To resolve complex dependency management, Spring Boot starters were introduced. Starter POMs are a set of dependency descriptors (combines multiple commonly used dependencies into one POM) which otherwise you could also manually include in your application individually. Starters are available for web, test, data jpa, security, mailing and more. If it is not starter, it is a module: a simple artifact.

If you want to work with web, you could include tomcat, mvc and jackson all by yourself (manually) – a lot of dependencies for a single simple application. Instead, you just introduce one starter dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

Coming to your question:

spring-security-oauth2 is an artifact of group org.springframework.security.oauth which supports oAuth2 (only) for Spring Security (not cloud), whereas spring-cloud-starter-oauth2 is a set of multiple dependencies like a starter web dependency above. This is OAuth2 starter for Spring Cloud that is only if you are working with Spring cloud. This starter comes with bundle of out-of-the-box dependencies underneath the OAuth2 framework for Spring Cloud like SSO, OAuth2 client.

Spring initially moved oauth2 to spring cloud started but as of version 2.4.0.M1 it was moved to spring security. You will be able to verify on start.spring.io that oauth2 cloud dependency is only in version >=2.0.0.RELEASE and <2.4.0.M1 enter

oauth 2.0 – spring-security-oauth2 vs spring-cloud-starter-oauth2

Leave a Reply

Your email address will not be published. Required fields are marked *