# token based authentication with jwt:
- https://scotch.io/tutorials/the-ins-and-outs-of-token-based-authentication
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- http://nordicapis.com/how-to-control-user-identity-within-microservices/
- http://jwt.io/introduction/

# oauth 2.0
- http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/
- https://tools.ietf.org/html/rfc6749
- https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
- http://code.tutsplus.com/articles/oauth-20-the-good-the-bad-the-ugly--net-33216

# oauth grant types (from rfc6749)
  OAuth defines four grant types: 
  
  - authorization code, 
  - implicit,
  - resource owner password credentials, and 
  - client credentials.
  
  It also provides an extension mechanism for defining additional grant types.

## spring authorization grant types

.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit", "client_credentials")


# sprint oauth 2.0 examples with Java Spring
- https://github.com/absolutegalaber/jwt-oauth2-example
- https://spring.io/blog/2014/11/07/webinar-replay-security-for-microservices-with-spring-and-oauth2
- https://github.com/dsyer/sparklr-boot
- http://cloud.spring.io/spring-cloud-security/#quick-start
- https://github.com/dynamind/spring-boot-security-oauth2-minimal
- http://callistaenterprise.se/blogg/teknik/2015/04/27/building-microservices-part-3,%20secure%20API's%20with%20OAuth/
- http://projects.spring.io/spring-security-oauth/docs/oauth2.html
- http://docs.spring.io/spring-security/site/docs/4.0.4.CI-SNAPSHOT/reference/htmlsingle/


# nginx auth request
- http://nginx.org/en/docs/http/ngx_http_auth_request_module.html