It depends on what framework you're using for the actual REST application. I'd use established middleware for that framework. For instance, if the application is built on Spring, I'd use Spring Security's JWT provisions.
It is using Spring platform, but we are not using Spring Security.
What we are doing is explained in brief:
Everytime the user logs in, the User credentials are verified from db and JWT tokens are sent back to user.
Every subsequent request which is not the login request is intercepted by the spring HandlerInterceptor which does the job of verifying the tokenstring, parsing the claims.
If claims are formed succcessfully, the request is processed further else it is not.
We are using https request..!
So now I want to understand why would I have to integrate OAUTH2, OpenID and Spring Security, what are the advantages of using each.
Apart from above if anything is found more secure please suggest.
The reason you would use spring security is because you already have spring all set up, it would be trivial to add spring security and it would save you alot of time because it's already implemented well.
You'll never get away with this you overconfident blob! The most you will ever get is this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!