In our sample project, we will set up our own authorization server, against which we will authorize the APIs exposed through our resource server. We have movie APIs exposed on our resource server, and the client application will authenticate with the application (the client application is Spring Security protected) and then try accessing one of the movie APIs, at which point the OAuth flow will kick in. After a successful authorization check with the authorization server, the client will be given access to the requested movie APIs.

We will have a parent project containing three Spring Boot projects: oauth-authorization-server, oauth-resource-server, and oauth-client-app:

We will now look at each of the individual Spring Boot projects in the subsequent sections. The full source code is available on the book's GitHub page under the spring-boot-spring-security-oauth project.