Nobel Prize-winning physicist, Richard Feynman had once said: “You know you have mastered a skill, when you can teach it to a child”. Why? Because it forces yourself to understand the concept at a deeper level and simplify relationships and connections between ideas. Great Job Koushik! Thanks.
I just don't understand why some people would thumb down on this tutorial. In fact, all the tutorials from this channel are excellent. I learned a lot from them
@@phuang3 Relax. This particular video was bad, it doesn't mean the whole channel was bad. Whose rule is it that says you can't comment on the quality of a video unless you, yourself have your own channel? Grow up.
you all probably dont give a shit but does any of you know of a tool to log back into an Instagram account..? I somehow forgot my password. I would love any assistance you can give me.
Hands down the best style of introducing technical material, that I have ever seen. Your videos are so easy to follow. I'm glad you start with concepts and examples, before going into the jargon.
Wow ...trust me i have seen 10+ videos on this topic on RU-vid. But the way you are explaining... someone who is from commerce or arts background also will understand everything..😛
Thank you!!!! I never know what "client" site means until now. There are so many things on the internet, and unfortunately people just assume it's common knowledge and don't bother explain them, which makes the process so much harder and frustrating. Thank you for taking the time
Accidently found one video by Java brains, and this is my fifth video back to back, so additive ( things I understood in past with partial knowledge and getting confused time and again, explained o me here like a baby). I have seen many videos but no one explained like you did. Thanks a ton. Please put a link where views can make some donations if they are happy. I would love to do that
Thanks! I'm from Belarus and sometimes to hard to parse bad pronunciation, but yours is very clearly. Very useful explanation, one of the best learning channels!
Thanks Kaushik for such a wonderful video very clearly explained like you always do. I just wanted to know why implicit flow is less secured?? although in both kind of flows(authorization and implicit flow) client application has access token which can be used to access the protected resource from resource server.
Thank you, thank you, thank you for your wonderful explanation! I have a question about the authorization code flow: in the step 5 the authorization server sends the authorization code directly to the client, while searching on the web I found that the authorization code seems to be sent to the user which then gives it to the client that exchanges it with the authorization server for the access token: is it correct? Maybe you didn't mention this extra step in order to keep the explanation simple, but it would help me to better understand the difference between the authorization code flow and the implicit flow
Very nice introduction sir. I love your teachings. It helps me so much in understanding complex concepts which seems very difficult to me before. Sir, as honest request, can you please teach the implementation (demo) on the three flows you mentioned in this tutorial. Please sir👏 And thanks so much for these lessons.
it will be great if you start a series on SOLID and Design Pattern in Java/any oops language. I know there are lots of material out there on internet related to these but I believe your way of teaching style will help out lots of ppl. and if you do please try to make each SOLID principle example not related to each topic. Thanks
The idea of picturizing the concepts and telling a story to explain the concepts is extremely helpful and captivating sir! Thanks a lot! I derive immense sense of satisfaction on viewing your videos. Any such videos on docker and kubernetes please?
Thanks, very helpful video! A few questions on the third flow, Client Credentials: 1. You mention that micro service 2 has an authentication server. But in the terminology we only talked about an authorization server--is this indeed a different thing, or did you mean to say authorization and not authentication? 2. In the second step, after MS1 goes to the MS2 Auth server, it receives an access token for, you say, only the API calls that it should have access to. But how does the auth server know what MS1 should have access to? My guess here is that this is indeed an authentication server, and that the server is meant to know ahead of time who MS1 is and what kind of access it should have, and that this is what is meant by a super trustworthy client, but I'd like to confirm if this is correct.
Nicely explained. Just one point to add..the exchange of token in authorization flow happens from a server to a token end point. The call is not from browser.
Java Brains, thank you very much for the excellent video. One question about Implicit Flow. You've mentioned that it's drawback is that anyone can use the access token that client received. Isn't it true for the Authorization Code Flow when anyone can get Authorization Token and then get an Access Token with it? From my point of view this is exactly the same problem just the "dance" gets one step longer. And you point that in the first flow client can get an access token in a more secure way is not convincing. Why not to make the same level of security while getting an access token without sending authorazition one first?
Hi Kaushik. Thanks a lot for providing such great content. You are doing great service to the community. Can you please release few videos on saml as well ? What is saml and how does it differ from oauth and how to implement it using spring boot .
Thanks for this brilliant tutorial. I had question though why did Client send AUTH token back to the Authorization server to get that ACCESS token in Flow-1?
Thank you for this. What is the best way to store the access token, refresh token, ... in your node layer for later to use? How to know if the user is still logged in so we don't ask them for credentials if they close the browser?
Kaushik : one small doubt , in 3rd flow when MS-1 call MS-2 with access token then MS-2 wouldn't validate the token with Auth Server? If it validate then your didn't mentioned the arrow from MS-2 to Auth Server. Please explain but in wordings you are saying if MS-1 ask for payroll detail from MS-2 then Ms-2 wouldn't give because access token send by MS-1 is not applicable to get payroll detail. In short, arrow is missing from MS-2 to Auth server. Another minute thing is just to verify , Auth server is also a MS to generate the access token - correct na ?
Awesome Video as usual from Kaushik. One thing just want to clarify a point (21:45) Micro service 2 which does not know to validate a generated OAUTH by AUTH server, so it should call a AUTH server to validate a provided access token by MS1 is valid or not, if valid it will serve the purpose of a call. please correct me if i'm wrong. thank you.
Good tutorial, but the auth code flow is inaccurate though. Auth code is issued to resource owner instead of client, otherwise the token exchanges between client and auth server would be redundant here. Better draw a sequence diagram here make it more understandable.
Thank you very much for all the videos and well taught. Can you please post videos on spring security form validations like account locked and account expired. Thans in advance
Kaushik - one basic but important question. Is oAuth and SSO are same ? because in organization when we use internal applicaiton(s) we no need to login in every application and we say its due to SSO i.e. we dont use the word 'oAuth' . can we say where ever there is oAuth , actually its SSO ?
Great explanation Kaushik! The animations makes the illustrations way better. I would love to see you do a system design playlist which can go over the web architecture and design of various large scale applications like Netflix, Uber and Facebook. Most videos on youtube are done on the white board. It will be great if you can do one with animations. Thanks!