Going Full OAuth with the new Spring Authorization Server in Spring Boot 3.1! #oauth2 #oauth

Coffee + Software

1 year ago

26,831 views


Comments:

@user-fq9vj8kq2q - 29.11.2023 23:39

Great video. Very informative. I am running into issues though. On form login I keep getting an error with status 999. This occurs after the post. Any advice or general direction to check? I do have it on stackoverflow which has a lot more detail (such as pom.xml and config file). Thanks and keep up the great work!!

@yebadokpogodson7163 - 23.11.2023 12:25

Hello Guys, first thank you for this great video.
I have a Spring Boot authorization server working fine locally and I can use a SPA client like Angular to authenticate the user using the authorization code with PKCE.
However, after putting my Spring Boot authorization server behind the Gravitee gateway, when the client makes a GET request to Gravitee it redirects it to the server and the server redirects the user to its login page.
But when the user authenticates, I have the saveRequest Null because the header changes between the first Gravitee call and the redirect on the server login page.

Can anyone help me please ?

@navkkrnair - 10.10.2023 08:45

By just following you, I was able to successfully complete the authorization_code workflow. The only difference is, my resource server is an mvc, not rest. Now when I try to post a form, I get "An expected CSRF token cannot be found" with status code 403. As I am using thymeleaf, csrf is already there in the form. Any suggestion?

@keithleo-smith2836 - 09.08.2023 19:21

Using Spring Security and Auth Server, is there an easy way to generate an access token programmatically?

@rkalyankumar - 23.07.2023 19:04

Thanks guys. This video actually cleared most of the doubts I had with the authorisation server. Awesome!

@fipabrate - 23.07.2023 16:20

Any chance to show how to secure websocket? How to use jwt with sockets?

@mainulhasan35 - 06.07.2023 09:47

Hello, how can I achieve the same thing without using RouteLocator, instead of this, I want to use reactive webclient?

@treefrog9392 - 05.07.2023 17:25

I tried doing this exact implementation, but I containerized it using docker compose, and I'm constantly getting bad client?
I wonder if there's something additional required.

Ответить
@caseylam8046
@caseylam8046 - 04.07.2023 04:37

honestly watched the first 10 mins.. The pace and atmosphere are very uncomfortable

@markostrisko2370 - 29.06.2023 21:04

First of all, guys, amazing video, I enjoyed it all the way from the beginning till the end.
One question in my mind right now. How flexible is SAS for changing the view (HTML & CSS) of the Login page or Consent page as well?
I remember having so many troubles doing those things with Cognito or Keycloak, I really hope SAS gives more flexibility.
Thanks and all the best to you guys.

@divyashreeb.l4024 - 27.06.2023 20:33

Amazing content...Can we use revoke endpoint for logout? Or please suggest how to handle logout..

@RN-jo8zt - 27.06.2023 19:41

Where can I get the code link?

@chijiokeibekwe9710 - 21.06.2023 22:35

In an application where users of a client have unique permissions, how is this managed in spring authorization server?

@alltechtrickstips4850 - 20.06.2023 20:17

Josh acted like he doesn't know 😂! Pretty entertaining and easy grasping content! We really waited for Spring Authorization server to be in spring eco-system! Excellent content but plz upload in high resolution

@arjitmishra100 - 20.06.2023 07:15

Thanks for great overview.
I have one question: is the authorization_code flow PKCE enabled?

@alexandersmirnov4274 - 14.06.2023 00:14

just works))

@NadaP. - 13.06.2023 15:56

Thank you for the demo. It looks simple enough but I'm still confused about how to apply it to my own app. When securing a rest api that is consumed by a separate client app, can the authorization server live inside the rest api and serve the oauth endpoints on the same port as my rest api? Do I need the resource server in there as well? Would the client app use authorization_code grant type? Could you point me to some info on this? Appreciate the help!

@AstronLeandro - 08.06.2023 23:48

Tried to follow coding with you, but a POST to localhost 8080 oauth2/token using basic authorization with client and secret gives me an error "OAuth 2.0 Parameter: grant_type". As explained in GitHub issue "spring-projects/spring-authorization-server/issues/349" Spring will not be providing support for the password grant as it's deprecated in OAuth 2.1.

@subaratatubebd - 08.06.2023 21:43

I already watched many videos like yours, but I can't figure out how to register new users through the API. All are doing the same (In Memory User), a single admin user by coding and fixed. So I wanted to know how to register more than one user on the Auth server through an API like "api/auth/register". Hope you get my point and pls answer me.

@dheereshjoshi9517 - 30.05.2023 03:06

You guys are amazing ..

@jackfrosch - 28.05.2023 18:05

Great stuff, Josh and Steve. The worst part seems to be all the config, which is mostly a one-off.

Speaking of security... I recommend moving off LastPass because of its poor security practices. We switched from LP to 1Password and really love it. Migration is easy and it is feature rich.

@cloudsquall88 - 27.05.2023 15:18

Thank you for the presentation!
I have a (genuine) question: Why would I use Spring Authorization Server instead of, say, Keycloak?
Could you give some pros/cons?

@janyoussef4501 - 27.05.2023 01:27

Security is hard, after watching the video it hasn't gotten any easier 🤣, but if you can do all this in 1 hour, then it's certainly manageable for the rest of us 👍.
Kudos to the Spring team for this great effort 🔥.
