IMO the video covers a lot of content but from a very high-level perspective. Maybe this video should be a part of a course on Spring Security where it would be easy to tie things together. Even if we exclude the Spring Security part, OAuth/OpenID API flows are not highlighted to make things stand out right. I would suggest investing time in this only if you know OAuth2/OpenID Connect and Spring Security beforehand and just need a quick refresher.
I've watched AspNet Identity server videos, bootcamp videos but THIS IS THE MOST COMPLETE video on a full OAUTH implementation because it has a resource server as well. Superb. Just thanks man..
Friends, 1. Authenticate and get a token from one microservice. 2. Then you can use that token for further requests, whether they are in the same microservice or a different one. 3. You just need to validate the token, get user details and set the security context holder. This is basically a filter for validating the token. Does it make sense??
I think you need to implement the same but with the client credentials grant type. Read more about it; this is where you don't have a user or UI involved but many backend microservices need to share data between each other.
Not able to run the security client. This error is coming: Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient';
Thanks bro for sharing this detailed and updated Spring Security tutorial. Could you please guide me on how I can achieve the same without a login form? I mean, I wanted to use OAuth2 for third-party API-to-API communication with Client Credentials.
Why, when I run the authorization server and client server, do I get a login page without username and password fields, and instead I have two links on the please sign page, api-client-authorization-code and api-client-oidc, and on top of them "Login with OAuth 2.0"? Login with OAuth 2.0 [authorization_request_not_found] api-client-authorization-code api-client-oidc
I have a doubt, brother. I have two REST APIs (customer, product); both APIs need a login username and password, and only then can you access those REST APIs' resources, otherwise it is not possible. In the Customer REST API, using RestTemplate to call the Product REST API shows a 403 forbidden error because the Product REST API asks for login details again, brother. How to use the Customer login details in the Product REST API, brother? How to solve this problem and what is the approach (if you have any reference please send)....
Thank you for your very comprehensive and useful training. Please, if it is possible, how to do this using reactJs, instead of using the login form, teach Spring Security, or if you have the source code, I would appreciate it if you could share it.
Good video, rather clear. Any idea how to implement step-up authentication? From my client I want to ensure I get a certain Authentication context after authentication and re-authenticate using a different acr if needed.
Great explanation. Consider this: if I have two client apps registered in the auth server with contexts say /app1 and /app2. Now when I hit /app1 it redirects me to the login page; when I log in for app1 I want it to automatically authenticate me for app2 as well. How can I achieve an SSO kinda thing?
Thanks for this. I tried implementing with spring-auth-server and API gateway as the client and always got Bad credentials. Not sure if using version 1.0.0-RC1 and spring boot 3.0.0-RC1 has anything to do with it!
Hi, I am writing to you because I followed your tutorial step by step, but when you tried to access the client, the result should be a redirect to the login page of the Authorization server, but in my case I got the following error message: "There was an unexpected error (type=Bad Request, status=400). [invalid_request] OAuth 2.0 Parameter: redirect_uri" I checked and I can see I have the exact same code. I tried to resolve this issue myself but I couldn't find an answer about this error. Can you please help me to resolve it? Thanks & Regards
Thank you for your comprehensive video, and nice explanation! I downloaded your example and ran it, but didn't know how I can register the user first in order to use it afterward in the login page, or should I insert it into MySQL manually?
Hey, I am using Ping ID for authentication. But after the session times out I am not able to redirect to the SSO page as it says Open ID Connect issue; however, the code is working fine in localhost! Any suggestions on this?
Thanks for the video! I will watch on this week. Say, with this implementation I can generate a bearer token in a server to use to access an application? Do you have any video showing how to use it?
This is what the Resource Server does for you automatically. If you want to manually authenticate against the Authorization Server (regardless of whether you're using Java/Spring or not), you will have to implement the following steps: 1- Generate the authorization request with all the Client registration details (client_id, state, grant_type, etc.) 2- Create an endpoint in your app where you can receive the code grant. 3- Get the token by making another request against the /token endpoint on the authorization server (using the same above details, in addition to the code you received in the second step and client_secret).
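The three steps from the reply above, as an added example that is not part of the original comment or the video's project: a client builds the authorization request, checks `state` on the callback before accepting the code, and builds the back-channel token request. The endpoint URLs, client id and secret are constructed placeholders, and the parameter names follow RFC 6749 (`response_type=code` on the authorization request, `grant_type=authorization_code` on the token request).

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Constructed placeholder values, not taken from the video's project.
AUTHZ_ENDPOINT = "https://auth.example.test/oauth2/authorize"
TOKEN_ENDPOINT = "https://auth.example.test/oauth2/token"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-secret"
REDIRECT_URI = "https://client.example.test/callback"

def build_authorization_url(scope="openid"):
    """Step 1: URL to redirect the browser to, plus the state to keep in the session."""
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": scope, "state": state}
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state

def extract_code(callback_url, expected_state):
    """Step 2: what the callback endpoint does with the redirect it receives."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization server returned: " + query["error"][0])
    returned = query.get("state", [""])[0]
    # A state that does not match the one stored for this session means the
    # response was not requested by this browser (login CSRF): reject it.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("missing code")
    return query["code"][0]

def build_token_request(code):
    """Step 3: POST to the token endpoint (built here, not sent)."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI}).encode()
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return Request(TOKEN_ENDPOINT, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded"})
```

The `redirect_uri` sent in step 3 has to be the same value sent in step 1 and registered for the client; the authorization server rejects the request otherwise.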
Nice tutorial, but it can be more simplified. It becomes a little fast in between and a little less descriptive while writing the code. Thanks for making this. Please try to describe more. You are already doing great. I know I'm asking for more.
Why, when I try to start the server, is it throwing an error: Caused by: java.lang.IllegalStateException: Unknown provider ID 'spring'? I'm using the same run application for my client and my auth-server. I don't want to have the resource server; can I keep continuing with that modification?
Thanks Sabbir for the tutorial!!! I'm facing the below error while running the application.. "java.lang.IllegalStateException: Error processing condition on org.springframework.boot.autoconfigure.orm.jpa.JpaBaseConfiguration.jpaVendorAdapter"
Thanks Sabbir for the tutorial!!! I'm facing the below error while running the application.. "org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient'"
@rohitkumar-nf8et I have faced the same issue; resolving the dependencies correctly helped me to get out of the issue. By the way, wherever you use webClient.get -> WebClient.create().get()..
Hi.. Looking for suggestions on implementing security on spring-boot microservices integrated with an Angular UI. I have an external identity provider (Ping Federate) to support SSO and all user roles/authorities are maintained in the application database. What is the best approach to secure APIs? If OAuth is the recommended way, how to implement it (stateless)? Should the Authorization Server be customized to connect to the identity provider Authorization Server and generate tokens from the custom Authorization Server? Or should the OAuth2 client generate tokens by loading user details from the database after successful authentication with the identity provider? Any code samples along with suggestions will be appreciated.
You don't need the Client app in your case, since you already have an Angular app (which will be the client). I think you need to add another AuthenticationProvider in your spring settings and add it to the current AuthenticationManager (where authentication happens against Ping Federate). This is a general idea of the implementation, let me know how it goes with you!
Hello, I have a problem during the build of the spring-security-client module. I have got "UnsatisfiedDependencyException" during compiling webClient at helloController. Is there anyone who can help me?
The tutorial is good, but I felt it's a bit fast. And for me the theme of the IDE is not appealing, don't know how many liked this. It has too much contrast.
Thank you for end to end full OpenId flow with source code. Could you please help me to enable dynamic client registration url in /.well-known/openid-configuration
At half stage it's like somethings come you are just copy pasting and it has become so less descriptive. Was expecting a lot in this video but was disappointed. Hope I can learn Oauth 2 in future
Client can be any user accessing the app. Can you elaborate on the User Resource Owner who is providing all details? As it's slightly tricky here as I am assuming Resource can be any URL endpoint within the application or microservice that the user wishes to access. For all clients or users accessing the application, only one client ID will be used? Since you have demonstrated one unique client ID for OAuth. Is a Bearer token created separately for each client user accessing the application?
You put the auth project inside a folder. You have modules in your POM.xml "modules" there. I tried to do the same here and it does not work. It looks like your tutorial starts from the middle of the subject and we are missing the beginning of it. Do you have a URL for the complete video? The client part of it (the beginning) isn't here.
bro, the most important part is client register and authorization server config you copy and paste, we do not know where to take it and we got wrong to follow you and we do not know why we wrong bro
Since you are running the oauth-authorization-server and spring-security-client (separate) applications on the same database, isn't there a possibility that they can be out of sync since both apps are using separate connection pools, caches, etc ??? How would this be solved? Thanks for your insight on this!
They should be separate apps on different deployments. He used the same DB to simplify the demo for us instead of having multiple schemas and DBs to connect to.