Okta in Spring Boot implementation with Spring Security and oauth2 | LIVE DEMO | Code Decode

Подписаться 136 тыс.

Просмотров 37 тыс.

50% 1

In this example we have explained Okta Spring boot with oauth2 and Spring Security.
Udemy Course of Code Decode on Microservice k8s AWS CICD link:
openinapp.co/u...
Course Description Video :
yt.openinapp.c...
Next Level App download link : next-level.one...
Create an Account in Okta
Login / Register to developer.okta...
Okta is our - Authorization server. It will provide us Access token to access our secured APIs.
Okta internally uses Oauth2.0 as underlying protocol for security implementation.
Okta provides a pre-configured custom authorization server called default.
You can register or login with Google / Github etc.
After successful registration , Next you need to create an application
Click on 3 lines in top left corner there u can see application dropdown
Click on applications
Then click on Create App Integration and choose the type of authorization method you want to use.
We need API Services
Interact with Okta APIs using the scoped OAuth 2.0 access tokens for machine-to-machine authentication.
Name your application
After that remember to save imp information - such as client credentials, client secrets, and Okta domain id that will be used later for our application
Client Id = Our public identifier to the OAuth flows.
Secret Id = Password for the client ID.
Okta Domain ID = The ID of the organization where our application is located.
Next Go to the Security tab and click on the API section
Here we have the following properties: authorization server name, audience, and issuer URI.
Audience = the claim aud to identify the recipient that the JWT is intended for.
Authorization server name = the name of the authorization server. In this case, I’m using the default one, but you can also create your own authorization server with the proper policies, scope, and claims.
Issuer URL is a unique identifier and a point to provide important metadata about the server, including a request for a token by adding the /v1/token path.
Create Spring Boot Application
Create a Spring boot project
Add Okta starter dependency - okta-spring-boot-starter - This will add all required classes for securing Spring application
Now we need to configure the API, adding some properties to our application.yml.
Now if you try to run Application - it will create error - Your Okta Issuer URL is missing. You can copy your domain from the Okta Developer Console
okta:
oauth2:
issuer: ${yourDomainId}/oauth2/default
Now after Securing the Application. Create any controller and rest endpoint.
Secure your Spring Boot Application
You will not be able to access the Get request also with okta implemented
To Test your application now - Try hitting through postman and u can see 401 - unauthorised
Create Custom scope as “ custom “ in okta.
use it to get token and use that token in apis.
In order for someone to make a request to your API, they need an access token. How an access token is obtained depends on the client making the request
Most Asked Core Java Interview Questions and Answers: • Core Java frequently a...
Advance Java Interview Questions and Answers: • Advance Java Interview...
Java 8 Interview Questions and Answers: • Java 8 Interview Quest...
Hibernate Interview Questions and Answers:
• Hibernate Interview Qu...
Spring Boot Interview Questions and Answers:
• Advance Java Interview...
Angular Playlist: • Angular Course Introdu...
SQL Playlist: • SQL Interview Question...
GIT: • GIT
Subscriber and Follow Code Decode
Subscriber Code Decode: www.youtube.co...
LinkedIn : / codedecodeyoutube
Instagram: / codedecode25
#okta#springsecurity #codedecode

Опубликовано:

26 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 138

@Trishaptesh Год назад

I have started preparing for job interviews and following all the videos you uploaded in this channel from past fews day. I must say you did a great job here. Thank you for all the hardwork you are putting and keep sharing your valuable knowledge with us. Thanks.

@CodeDecode Год назад

Means a lot to us 🙏🙏. Keep learning keep shining Man 🌟🌟🌟🌟

@RavikiranKada-e9p 10 месяцев назад

One of the best videos on OAuth 2.0 I have come across. Thank infinitely

@CodeDecode 9 месяцев назад

Thank you so much

@shalinisharma8122 Год назад

Great explanation and in depth coverage of the topic. May GOD bless you. Doing a great job.

@CodeDecode Год назад

Thanks Shalini 🙂👍

@gayatrimamidwar8364 Год назад

I was looking for okta nd understood from beginning to end. Thanks a lot dear🥰.. learning a lot from your videos

@CodeDecode Год назад

Glad to hear that Gayatri 😊👍

@ashishshriwatri9 Год назад

I feel like CODE DECODE become university. Thank You.

@CodeDecode Год назад

Thanks Ashish 😊👍

@timtim9o5 Год назад

Thank you! To me this was a lot more straight-forward than keycloak, and you explained it very clearly.

@CodeDecode Год назад

Thanks 😊👍

@nishantlakhara Год назад

you are a time saver. very clear and crisp explanation.

@CodeDecode Год назад

Thanks 🙏🙏👍👍

@bavana541 Год назад

Excellent video.. really appreciate your efforts to explain in detailed manner ..its very clear so that fresher can also learn without any difficulty..god bless you sister.

@CodeDecode Год назад

Thanks for the motivation bavana

@robinbhargava111 Год назад

Very informative video to learn about Okta and token generation.

@CodeDecode Год назад

Thanks Robin 😊

@vuttianusha5540 8 месяцев назад

Yet another great video!! I have been following your videos and content. It's been amazing. Thank you soo much for your time and effort. Please upload the next part of this that is securing only post apis and not get apis.

@CodeDecode 8 месяцев назад

Sure 👍Thanks 👍

@pratikkurbet3437 Год назад

Just watching Okta content and your popped up thanks 🙏

@CodeDecode Год назад

Thanks Pratik 🙂🙂👍

@veera-fb9or Месяц назад

Wow Great Explination 👍👍👍👍👍👍

@Vithal_Nivargi Год назад

Thanks mam nicely explained 🙏. and please bring other videos on this concept like custom configuration. and implement such way that we can use it in Enterprise application level. Thanks

@CodeDecode Год назад

Sure we will do that👍👍🙂

@jagan1957 6 месяцев назад

Thank you so much for the amazing insights into the profiles.... Highly helpful and educative. Keep creating more content.

@praveens2272 5 месяцев назад

Indian youtubers are on direct point

@CodeDecode 5 месяцев назад

Thanks

@swapnilchavhan480 Год назад

Thank you very well explained in short video ,please make details series about security

@CodeDecode Год назад

Sure Swapnil 👍

@thepowerofanime4619 2 месяца назад

Good video. I am jot sure if u will make the next part of it.

@VishnuVardhan-pe7lj Год назад

Hey!!!! Your way of presenting is too good.

@CodeDecode Год назад

Thanks Vishnu 🙂🙂

@tanson86 Год назад

Yes. I want a video on the implementation you referred to in the last 1 minute ie integrating okta with webszcurtiyconfigureadapter and ant matchers for bypassing certain end points.

@CodeDecode Год назад

Sure Tanson 👍👍

@sandysworld7529 Год назад

First comment and first like.. i waiting for this.. thank you mam

@CodeDecode Год назад

Thanks a lot🙂👍👍😃

@manishkartik1275 7 месяцев назад

Hello Maam your lectures helped me a lot to crack big tech companies interview round Thanks a lot for this can you please do a session for MYBatis also

@siddharthpandey835 Год назад

Seriously Its awesome. Pls make more videos !!!!!!!!

@CodeDecode Год назад

Thanks Siddharth 🙂🙂👍👍

@RjDBIIPL Год назад

i learned a lot from you ,tqsm🌹

@CodeDecode Год назад

I'm so glad! ❤️

@oldaccount137 Год назад

Very useful video as always , but one thing i want to know that how the internals of these works in spring application which filter , AuthenticationManager , provider are getting used to authorize client and storing Authenticated Objects if these things you explain in the next video will be awesome and will be next level of knowledge.❤️❤️❤️

@CodeDecode Год назад

Sure we will do that 👍👍

@soulfulGirl_ Год назад

@@CodeDecode Is this video available , if so can you pleaseee share it will be very helpful

@anjaniysalekar6727 Год назад

Love your content madam, love from Gujarat😊. Please make a same video with Keycloak too. Please make that video.

@CodeDecode Год назад

Sure Anjaniy 😃😃🙂👍

@anjaniysalekar6727 Год назад

@@CodeDecode thanks in advanced.

@farhaankazi7134 5 месяцев назад

Please make more video on okta authentication and authorization for microservices communication including api gateway

@CodeDecode 4 месяца назад

Sure 👍

@sanjayshah3538 10 месяцев назад

Thank its very helpful knowledge, may i know how can we define in controller the. Specific endpoint can be access by scope(roles) which based while creating token, could you help me that to implement please.

@CodeDecode 10 месяцев назад

We will create video on that soon👍

@Shreenidhi110 7 месяцев назад

just wow!,Excelent content,Thanks alot !

@misjmadura Год назад

Your contents are amazing and so useful. I have been watching them recently and learning so much from you. Really Appreciate your efforts. Could you please share the link of next part of this video if it is uploaded? Thank you again.

@aishurajas2507 Месяц назад

Hi code decode member, I really want to learn from you. Do you conduct offline trainings?

@aasthasharma8593 Год назад

Very well explained!! Thanks to good video

@CodeDecode Год назад

Thanks Aastha ❤️

@sudheerkumar-tp1mg Год назад

Hi Mam, I am big fan of your channel, regarding SSO how to modify the already existing backend system because that systems already have user information which internally used in different parts of the application, please share any video on this.

@souravpaul6086 Год назад

Hi, your videos are so informative I learned a lot from your videos thank you for making informative videos for us. I have a request could you please make a video where linkedin and twitter used as social login platform instead of okta that can be very useful. Please make a video on this topic

@WHITE-ci5mv Год назад

Hi, I follow the steps in the video but while generating the token using postman i am getting below error: "error": "unsupported_grant_type", "error_description": "The authorization grant type is not supported by the authorization server. Configured grant types: [client_credentials]." what could be issue here?

@RjDBIIPL Год назад

do you have a oauth2 with okta ODIC-openID web application without postman API, please post asap

@CodeDecode Год назад

What do you require exactly? Spring boot application?

@rakeshpramanik Год назад

Thank you for all hard work .plz make an extension

@CodeDecode Год назад

Thanks . Sure Rakesh 👍👍

@mediss3720 Год назад

Good exercice for okta jwt

@CodeDecode Год назад

thanks

@mahendragoud8406 4 месяца назад

Hello mam Currently its showing error at 16:22 The DPoP proof JWT header is missing please provide a way to resolve this

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!

@monishad7040 7 месяцев назад

Thank you for your efforts and I am getting 404 error. { "error": "invalid_dpop_proof", "error_description": "The DPoP proof JWT header is missing." } Could you please help me.

@albertraja7449 6 месяцев назад

Getting same error

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

@@SoyJavero that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!

@sriharshapaladugu3575 Год назад

HI Nice explanation I have two questions: How can i have okta validation without "/okta" in url? How to extract user information and pass it to different function from jwt?

@AnjaliPatel-b8r 3 месяца назад

Can you create a demo with new authorization server please?

@baskar.k Год назад

Very good tutorial

@CodeDecode Год назад

Thanks

@vickybhoir3017 4 месяца назад

nice explanation

@everyone2905 Год назад

Please attach a link in the comments of Single sign on, which you said you'll discuss in next video, i can't find by searching on your channel.

@shaikvaheed1730 2 месяца назад

I tried the same way what tou did for my project POC am getting the below error couldn't retrieve remote JWK set PKIX path building failed sun.security.certpath.suncertpathbuilderexception Please suggest what can be done for this issue

@saikiran3085 3 месяца назад

Thank you so much

@CodeDecode 3 месяца назад

You're most welcome

@pottendlanagma7263 4 месяца назад

In recent time DPoP came into picture for JWT token and this example is not working. i am getting "invalid_dpop_proof" error. It would be great if you could make a video about this issue.

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!

@DattatrayBabar-w2e Месяц назад

@codedecode The DPoP proof JWT header is missing. I'm getting this while generating token

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!

@dasithasandaruwan6002 Год назад

Hope you will do the user registration part too, thanks

@CodeDecode Год назад

User registration part? Can u plz elaborate?

@DattatrayBabar-w2e Месяц назад

{ "error": "invalid_dpop_proof", "error_description": "The DPoP proof JWT header is missing." } what can be done in this case, while generating token

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!

@vikashkumar-gv1dp 7 месяцев назад

🙏🙏🙏please upload one video for authorization_code as grant type🙏🙏🙏

@ahammedhussain9335 8 месяцев назад

Can we have a securityconfig class video please ?

@siddapure Год назад

I have created application in same way you explained but it's not working

@CodeDecode Год назад

Issue?

@siddapure Год назад

I have configured all as you told and getting torn from jwt token as well. When I pass this token as basic with JWT and passed credentials etc. But getting 401 from postman when I hit my application. Am I Missing anything?

@astar4782 Год назад

The Okta UI has changed.. can you show a sample with the latest UI ?

@CodeDecode Год назад

Sure👍

@omkarmhatre628 Год назад

Grate Video mam. Please make extension of this video. Thank you.

@CodeDecode Год назад

sure omkar we will create it soon

@hassanharera Год назад

Great

@CodeDecode Год назад

Thanks😇

@Varun-v8g Год назад

Please create more content on oauth

@CodeDecode Год назад

Sure we will create it soon

@Shreenidhi110 7 месяцев назад

Please add the next video

@ujjwalmittal3122 Год назад

MORE VIDEO ON THIS PLEASE

@CodeDecode Год назад

Sure ujjwal we will create it soon

@ujjwalmittal3122 Год назад

Thank you Mam

@tamojitdutta993 Год назад

Pls create the next video for okta

@CodeDecode Год назад

Sure 👍👍

@crazyajay9289 Год назад

do we have the extension of this video series?

@gauravjaiswal7923 Год назад

Can you please create the second part of this

@CodeDecode Год назад

Sure Gaurav 👍

@SajidhKareem 11 месяцев назад

@@CodeDecode Yes pls. I need it desperately.

@you_shotzz Год назад

Can u show the role based also OIDC one

@anithaluckas2635 Год назад

Can you please explain and upload the spring batch

@vempallireddybasha1302 Год назад

pls do customization auth server as well mam

@prisinha Год назад

6:00 Yes please create

@mohamednibras53 Год назад

How to get access token for a specifc user ?

@CodeDecode Год назад

Access tokens have claims. Claims have user info. From front end get access token signing that specific user, you will then get all user info in your token itself

@mohamednibras53 Год назад

@@CodeDecode in this video to get the access token you have passed username and password as client id and client secret. I have 5 users in the Okta directory. When i try to get access token by passing those users credentials, i cannot get access token. How to resolve this ?

@funnyvideorocks Год назад

Can you please solve leetcode with basic logic

@CodeDecode Год назад

Sure we are already uploading many such videos on channel

@pillisasidharreddy8632 Год назад

We want part2 of okta

@sandysworld7529 Год назад

Mam, please make extension of this video.. Thanks.

@CodeDecode Год назад

Sure 👍👍

@manishkartik1275 7 месяцев назад

14:20 you will cry why you are not getting access token 🤣🤣

@BeAmbitious96 6 месяцев назад

Im getting below error { "error": "invalid_dpop_proof", "error_description": "The DPoP proof JWT header is missing." }

@SoyJavero 25 дней назад

same could you solve it?

@agrawalparimal7283 2 дня назад

that's because you must have selected Proof of Possession while creating an app, you can modify it, it will be below client secrets in general settings, so uncheck it!