Manual move of spring-projects/spring-authorization-server docs

Issue gh-17880

Author: jgrandja

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc

@@ -0,0 +1,24 @@
+[[getting-help]]
+= Getting Help
+:page-section-summary-toc: 1
+
+[[community]]
+== Community
+
+Welcome to the https://docs.spring.io/spring-security/reference/community.html[Spring Security Community].
+Spring Authorization Server is an open source project led by the Spring Security team.
+If you need help with Spring Authorization Server, we are here to help.
+
+[[resources]]
+== Resources
+
+The following are some of the best ways to get help:
+
+* Try the xref:how-to.adoc[How-to guides]. They provide solutions to the most common questions.
+* Learn the Spring Security basics that Spring Authorization Server builds on. If you are starting out with Spring Security, check the https://spring.io/projects/spring-security#learn[reference documentation] or try one of the https://github.com/spring-projects/spring-security-samples[samples].
+* Read through xref:index.adoc[this documentation].
+* Try one of our many https://github.com/spring-projects/spring-authorization-server/tree/main/samples[sample applications].
+* Ask a question on Stack Overflow with the https://stackoverflow.com/questions/tagged/spring-authorization-server[`spring-authorization-server`] tag.
+* Report bugs and enhancement requests on https://github.com/spring-projects/spring-authorization-server/issues[GitHub].
+
+NOTE: Spring Authorization Server is open source, including the documentation. If you find problems with the docs or if you want to improve them, please https://github.com/spring-projects/spring-authorization-server[get involved].

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/core-model-components.adoc

@@ -0,0 +1,107 @@
+
+[[getting-started]]
+= Getting Started
+
+If you are just getting started with Spring Authorization Server, the following sections walk you through creating your first application.
+
+[[system-requirements]]
+== System Requirements
+
+Spring Authorization Server requires a Java 17 or higher Runtime Environment.
+
+[[installing-spring-authorization-server]]
+== Installing Spring Authorization Server
+
+Spring Authorization Server can be used anywhere you already use https://docs.spring.io/spring-security/reference/prerequisites.html[Spring Security].
+
+The easiest way to begin using Spring Authorization Server is by creating a https://spring.io/projects/spring-boot[Spring Boot]-based application.
+You can use https://start.spring.io[start.spring.io] to generate a basic project or use the https://github.com/spring-projects/spring-authorization-server/tree/main/samples/default-authorizationserver[default authorization server sample] as a guide.
+Then add Spring Boot's starter for Spring Authorization Server as a dependency:
+
+[tabs]
+======
+Maven::
++
+[[spring-boot-maven-dependency]]
+[source,xml,role="primary",subs="attributes,verbatim"]
+----
+<dependency>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
+</dependency>
+----
+
+Gradle::
++
+[[spring-boot-gradle-dependency]]
+[source,gradle,role="secondary",subs="attributes,verbatim"]
+----
+implementation "org.springframework.boot:spring-boot-starter-oauth2-authorization-server"
+----
+======
+
+TIP: See https://docs.spring.io/spring-boot/docs/current/reference/html/getting-started.html#getting-started.installing[Installing Spring Boot] for more information on using Spring Boot with Maven or Gradle.
+
+Alternatively, you can add Spring Authorization Server without Spring Boot using the following example:
+
+[tabs]
+======
+Maven::
++
+[[maven-dependency]]
+[source,xml,role="primary",subs="attributes,verbatim"]
+----
+<dependency>
+    <groupId>org.springframework.security</groupId>
+    <artifactId>spring-security-oauth2-authorization-server</artifactId>
+    <version>{spring-authorization-server-version}</version>
+</dependency>
+----
+
+Gradle::
++
+[[gradle-dependency]]
+[source,gradle,role="secondary",subs="attributes,verbatim"]
+----
+implementation "org.springframework.security:spring-security-oauth2-authorization-server:{spring-authorization-server-version}"
+----
+======
+
+[[developing-your-first-application]]
+== Developing Your First Application
+
+To get started, you need the minimum required components defined as a `@Bean`. When using the `spring-boot-starter-oauth2-authorization-server` dependency, define the following properties and Spring Boot will provide the necessary `@Bean` definitions for you:
+
+[[application-yml]]
+.application.yml
+[source,yaml]
+----
+include::{docs-java}/sample/gettingstarted/application.yml[]
+----
+
+TIP: Beyond the Getting Started experience, most users will want to customize the default configuration. The xref:getting-started.adoc#defining-required-components[next section] demonstrates providing all of the necessary beans yourself.
+
+[[defining-required-components]]
+== Defining Required Components
+
+If you want to customize the default configuration (regardless of whether you're using Spring Boot), you can define the minimum required components as a `@Bean` in a Spring `@Configuration`.
+
+These components can be defined as follows:
+
+[[sample.gettingstarted]]
+.SecurityConfig.java
+[source,java]
+----
+include::{docs-java}/sample/gettingstarted/SecurityConfig.java[]
+----
+
+This is a minimal configuration for getting started quickly. To understand what each component is used for, see the following descriptions:
+
+<1> A Spring Security filter chain for the xref:protocol-endpoints.adoc[Protocol Endpoints].
+<2> A Spring Security filter chain for https://docs.spring.io/spring-security/reference/servlet/authentication/index.html[authentication].
+<3> An instance of {spring-security-api-base-url}/org/springframework/security/core/userdetails/UserDetailsService.html[`UserDetailsService`] for retrieving users to authenticate.
+<4> An instance of xref:core-model-components.adoc#registered-client-repository[`RegisteredClientRepository`] for managing clients.
+<5> An instance of `com.nimbusds.jose.jwk.source.JWKSource` for signing access tokens.
+<6> An instance of `java.security.KeyPair` with keys generated on startup used to create the `JWKSource` above.
+<7> An instance of {spring-security-api-base-url}/org/springframework/security/oauth2/jwt/JwtDecoder.html[`JwtDecoder`] for decoding signed access tokens.
+<8> An instance of xref:configuration-model#configuring-authorization-server-settings[`AuthorizationServerSettings`] to configure Spring Authorization Server.

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-help.adoc

@@ -0,0 +1,18 @@
+:noheader:
+[[top]]
+= Spring Authorization Server Reference
+
+[horizontal]
+xref:overview.adoc[Overview] :: Introduction, use cases and feature list
+xref:getting-help.adoc[Getting Help] :: Links to samples, questions and issues
+xref:getting-started.adoc[Getting Started] :: System requirements, dependencies and developing your first application
+xref:configuration-model.adoc[Configuration Model] :: Default configuration and customizing the configuration
+xref:core-model-components.adoc[Core Model / Components] :: Core domain model and component interfaces
+xref:protocol-endpoints.adoc[Protocol Endpoints] :: OAuth2 and OpenID Connect 1.0 protocol endpoint implementations
+xref:how-to.adoc[How-to Guides] :: Guides to get the most from Spring Authorization Server
+
+Joe Grandja, Steve Riesenberg
+
+Copyright © 2020 - 2024
+
+Copies of this document may be made for your own use and for distribution to others, provided that you do not charge any fee for such copies and further provided that each copy contains this Copyright Notice, whether distributed in print or electronically.

docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc

@@ -0,0 +1,119 @@
+[[overview]]
+= Overview
+
+This site contains reference documentation and how-to guides for Spring Authorization Server.
+
+[[introducing-spring-authorization-server]]
+== Introducing Spring Authorization Server
+
+Spring Authorization Server is a framework that provides implementations of the https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07[OAuth 2.1] and https://openid.net/specs/openid-connect-core-1_0.html[OpenID Connect 1.0] specifications and other related specifications.
+It is built on top of https://spring.io/projects/spring-security[Spring Security] to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.
+
+[[use-cases]]
+== Use Cases
+
+The following list provides some use cases for using Spring Authorization Server compared to using an open source or commercial OAuth2 or OpenID Connect 1.0 Provider product.
+
+* Provides full control of configuration and customization when advanced customization scenarios are required.
+* Preference for a light-weight authorization server compared to a commercial product that includes all the "bells and whistles".
+* Potential savings in software licensing and/or hosting costs.
+* Quick startup and ease of use during development using the familiar Spring programming model.
+
+[[feature-list]]
+== Feature List
+
+Spring Authorization Server supports the following features:
+
+[cols="2a,4a,6a"]
+|===
+|Category |Feature |Related specifications
+
+|xref:protocol-endpoints.adoc#oauth2-token-endpoint[Authorization Grant]
+|
+* Authorization Code
+** xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[User Consent]
+* Client Credentials
+* Refresh Token
+* Device Code
+** xref:protocol-endpoints.adoc#oauth2-device-verification-endpoint[User Consent]
+* Token Exchange
+|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07[draft])
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-4.1[Authorization Code Grant]
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-4.2[Client Credentials Grant]
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-4.3[Refresh Token Grant]
+* OpenID Connect Core 1.0 (https://openid.net/specs/openid-connect-core-1_0.html[spec])
+** https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth[Authorization Code Flow]
+* OAuth 2.0 Device Authorization Grant
+(https://tools.ietf.org/html/rfc8628[spec])
+** https://tools.ietf.org/html/rfc8628#section-3[Device Flow]
+* OAuth 2.0 Token Exchange (https://datatracker.ietf.org/doc/html/rfc8693[spec])
+** https://datatracker.ietf.org/doc/html/rfc8693#section-2[Token Exchange Flow]
+
+|xref:core-model-components.adoc#oauth2-token-generator[Token Formats]
+|
+* Self-contained (JWT)
+* Reference (Opaque)
+|
+* JSON Web Token (JWT) (https://tools.ietf.org/html/rfc7519[RFC 7519])
+* JSON Web Signature (JWS) (https://tools.ietf.org/html/rfc7515[RFC 7515])
+
+|Token Types
+|
+* xref:protocol-endpoints.adoc#oauth2-token-endpoint-dpop-bound-access-tokens[DPoP-bound Access Tokens]
+|
+* OAuth 2.0 Demonstrating Proof of Possession (DPoP) (https://datatracker.ietf.org/doc/html/rfc9449[RFC 9449])
+
+|xref:configuration-model.adoc#configuring-client-authentication[Client Authentication]
+|
+* `client_secret_basic`
+* `client_secret_post`
+* `client_secret_jwt`
+* `private_key_jwt`
+* `tls_client_auth`
+* `self_signed_tls_client_auth`
+* `none` (public clients)
+|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-2.4[Client Authentication])
+* JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (https://tools.ietf.org/html/rfc7523[RFC 7523])
+* OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (https://datatracker.ietf.org/doc/html/rfc8705[RFC 8705])
+* Proof Key for Code Exchange by OAuth Public Clients (PKCE) (https://tools.ietf.org/html/rfc7636[RFC 7636])
+
+|xref:protocol-endpoints.adoc[Protocol Endpoints]
+|
+* xref:protocol-endpoints.adoc#oauth2-authorization-endpoint[OAuth2 Authorization Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-pushed-authorization-request-endpoint[OAuth2 Pushed Authorization Request Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-device-authorization-endpoint[OAuth2 Device Authorization Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-device-verification-endpoint[OAuth2 Device Verification Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-token-endpoint[OAuth2 Token Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-token-introspection-endpoint[OAuth2 Token Introspection Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-token-revocation-endpoint[OAuth2 Token Revocation Endpoint]
+* xref:protocol-endpoints.adoc#oauth2-authorization-server-metadata-endpoint[OAuth2 Authorization Server Metadata Endpoint]
+* xref:protocol-endpoints.adoc#jwk-set-endpoint[JWK Set Endpoint]
+* xref:protocol-endpoints.adoc#oidc-provider-configuration-endpoint[OpenID Connect 1.0 Provider Configuration Endpoint]
+* xref:protocol-endpoints.adoc#oidc-logout-endpoint[OpenID Connect 1.0 Logout Endpoint]
+* xref:protocol-endpoints.adoc#oidc-user-info-endpoint[OpenID Connect 1.0 UserInfo Endpoint]
+* xref:protocol-endpoints.adoc#oidc-client-registration-endpoint[OpenID Connect 1.0 Client Registration Endpoint]
+|
+* The OAuth 2.1 Authorization Framework (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07[draft])
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-3.1[Authorization Endpoint]
+** https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-07#section-3.2[Token Endpoint]
+* OAuth 2.0 Pushed Authorization Requests (https://datatracker.ietf.org/doc/html/rfc9126[RFC 9126])
+** https://datatracker.ietf.org/doc/html/rfc9126#section-2[Pushed Authorization Request Endpoint]
+* OAuth 2.0 Device Authorization Grant (https://tools.ietf.org/html/rfc8628[RFC 8628])
+** https://tools.ietf.org/html/rfc8628#section-3.1[Device Authorization Endpoint]
+** https://tools.ietf.org/html/rfc8628#section-3.3[Device Verification Endpoint]
+* OAuth 2.0 Token Introspection (https://tools.ietf.org/html/rfc7662[RFC 7662])
+* OAuth 2.0 Token Revocation (https://tools.ietf.org/html/rfc7009[RFC 7009])
+* OAuth 2.0 Authorization Server Metadata (https://tools.ietf.org/html/rfc8414[RFC 8414])
+* JSON Web Key (JWK) (https://tools.ietf.org/html/rfc7517[RFC 7517])
+* OpenID Connect Discovery 1.0 (https://openid.net/specs/openid-connect-discovery-1_0.html[spec])
+** https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Provider Configuration Endpoint]
+* OpenID Connect RP-Initiated Logout 1.0 (https://openid.net/specs/openid-connect-rpinitiated-1_0.html[spec])
+** https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout[Logout Endpoint]
+* OpenID Connect Core 1.0 (https://openid.net/specs/openid-connect-core-1_0.html[spec])
+** https://openid.net/specs/openid-connect-core-1_0.html#UserInfo[UserInfo Endpoint]
+* OpenID Connect Dynamic Client Registration 1.0 (https://openid.net/specs/openid-connect-registration-1_0.html[spec])
+** https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration[Client Registration Endpoint]
+** https://openid.net/specs/openid-connect-registration-1_0.html#ClientConfigurationEndpoint[Client Configuration Endpoint]
+|===