Session Clustering for OAuth 2.0 Applications

Learn how sessions are used with OAuth 2.0 and build an example with HAProxy, Redis, and Spring Boot.


A common OAuth 2.0 question we get: “How do I deal with OAuth in a load-balanced application?” The short answer: There’s nothing specific about session clustering for OAuth. The longer answer is that you likely still need to worry about cluster session management. This post will discuss how an OAuth login relates to your application’s session, and we’ll build a simple, secure, load-balanced application to demonstrate.

Developers Guide to GPG and YubiKey

Tutorial: API clients have different capabilities and needs! Learn how to make your server select the correct languages, media types, and compression!


Content negotiation allows for an HTTP server to respond to different types of clients. Many modern clients expect a JSON response, but there may be a need to format responses differently, maybe XML for older clients or a binary format for newer ones. Content negotiation is the mechanism used to solve that problem and others, such as dealing with multiple languages and even compressing HTTP requests.

JWT vs Opaque Access Tokens: Use Both With Spring Boot

Tutorial: Learn how to use JWT and opaque access tokens with Spring Boot.


The topic of validating OAuth 2.0 access tokens comes up frequently on this blog. Often we talk about how to validate JSON Web Token (JWT) based access tokens; however, this is NOT part of the OAuth 2.0 specification. JWTs are so commonly used that Spring Security supported them before adding support for remotely validating tokens (which is part of the OAuth 2.0 specification).

Arm Up Your Java: Performance Benchmarks

We ran Java performance tests on Arm and Intel; the results may surprise you!


Arm processors have been in the news lately, and it’s causing confusion and worries about processor performance for some folks. After Apple announced its plan to switch to Arm-based processors, I heard people (incorrectly!) speculating the performance would be similar to a Raspberry Pi. Java on Arm is nothing new, but we are seeing increased Arm investment from cloud vendors. Amazon recently updated its Arm offerings, and Microsoft is working on porting the JVM to Arm64 for Windows (no…