REST APIs can be secured by another mechanism in your web application, OAuth.

OAuth is an authorization framework that allows other applications with the right credentials access to partial/limited user profile details stored on platforms such as Google and Facebook. The authentication part is delegated to these services and if successful, appropriate grants are given to the calling client/application, which can be used to get access to secured resources (in our case RESTful APIs).

We have seen OAuth security using a public authentication provider in Chapter 3, Authentication Using CAS and JAAS (in the OAuth 2 and OpenID connect section). However, we need not use these public providers; you have the choice of using your own. We will cover one such example in this chapter, where we will be using our own authentication provider and securing our Spring Boot-based reactive REST endpoints.

Before getting into the example, we need to understand a bit more about OAuth, and also need to understand its various components. We already went through a lot of the details of OAuth in Chapter 3, Authentication Using CAS and JAAS. We will add to those details in this section and then go through the code example.