Configuring the ServerKeys.xml file


We must give the Authorization Servers each Resource Server's shared secret, or key, which will be used to encrypt the token and reinforce the security of the resource servers. These keys are registered in the serverKeys.xml file. The format of this file is:

    <AuthServer id="authServerID" url="authServerURL">
        <ResourceServer id="res_serv_id1">
            <Scopes>
                <Scope>scope1</Scope>
                <Scope>scope2</Scope>
            </Scopes>
            <Key>example_key</Key>
        </ResourceServer>

        <ResourceServer id="res_serv_id2">
            <Scopes>
                <Scope>scope2_1</Scope>
                <Scope>scope2_2</Scope>
                <Scope>scope2_3</Scope>
            </Scopes>
            <Key>example_key2</Key>
        </ResourceServer>
    </AuthServer>

Here, ResourceServers contains a set of resource servers. Each one has a set of Scopes and a Key, which is the shared secret.

This shared secret has to be the same in the asKeys.xml file of the Resource Server.
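
A pre-deployment check for a file in the format shown above, as an added example that is not part of the original documentation or the project's own code. The function name, the sample ids, URL and keys, and the 32-character minimum are assumptions made for illustration; the check flags placeholder keys left from the sample, short or missing keys, empty scope lists, and a key reused by more than one resource server.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format shown above; ids, URL and keys are made up.
SAMPLE = """\
<AuthServer id="as1" url="https://as.example.test">
    <ResourceServer id="rs1">
        <Scopes><Scope>read</Scope></Scopes>
        <Key>example_key</Key>
    </ResourceServer>
    <ResourceServer id="rs2">
        <Scopes></Scopes>
        <Key>Zk3vQ9wLr8TnB2xYc7HdPa5MsU1eGj4K</Key>
    </ResourceServer>
    <ResourceServer id="rs3">
        <Scopes><Scope>write</Scope></Scopes>
        <Key>Zk3vQ9wLr8TnB2xYc7HdPa5MsU1eGj4K</Key>
    </ResourceServer>
</AuthServer>
"""

MIN_KEY_LEN = 32  # assumption: local policy, not a limit stated by the page

def audit_server_keys(xml_text, min_len=MIN_KEY_LEN):
    """Return a sorted list of (resource_server_id, finding) tuples."""
    # The file is local, administrator-controlled configuration.
    root = ET.fromstring(xml_text)
    findings, seen = [], {}
    for rs in root.iter("ResourceServer"):
        rs_id = rs.get("id", "?")
        key = (rs.findtext("Key") or "").strip()
        scopes = [s.text.strip() for s in rs.findall("Scopes/Scope")
                  if s.text and s.text.strip()]
        if not scopes:
            findings.append((rs_id, "no scopes"))
        if not key:
            findings.append((rs_id, "missing key"))
            continue
        if key.lower().startswith("example"):
            # Keys copied from the documentation sample (example_key, ...).
            findings.append((rs_id, "placeholder key"))
        elif len(key) < min_len:
            findings.append((rs_id, "short key"))
        if key in seen:
            # One secret for two resource servers removes their isolation.
            findings.append((rs_id, "key shared with " + seen[key]))
        seen.setdefault(key, rs_id)
    return sorted(findings)

if __name__ == "__main__":
    for rs_id, finding in audit_server_keys(SAMPLE):
        print(rs_id, finding)
```

An empty result means none of these checks fired; it does not confirm that the key matches the one in the Resource Server's asKeys.xml, which still has to be compared separately.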