Spring Boot Spring Security JWT: How to authenticate with a username and password

Great video. I think the root endpoint won‘t work anymore. I cloned the project and get a 404. Can you explain what happened?

Simply great video..........
Hey, how can we add time for expiration of token validation, and how can we create refresh tokens for the same.

Hi Dan. It has been a video series filled with very clear and understandable explanations. Thank you so much for your service

Well done Dan 👍

I love this have been looking a simple way for password authentication but you got me coverted. keep up the great tutorials. Much love for your content.

We can't use ECDH keys with NimbusJwtDecoder. I want to use ECDH type of public-private keys.

Can you show how to set up the configuration whilst authenticate against a user in your db instead of creating an inmemory userdetailsservice. I know you have to implement the userdetail, but it is unclear how to set it up. You're video's regarding this do not implement the use of oauthtoresourceserver.

Hey Dan, do you have any videos explaining how to call an api with jwt auth, from another api in a different spring project?

I think you should add org.springframework.security.oauth dependency. Without this isn't able to use JwtDecoder Class.

Thanks for the explanation, good tutorial!!

awesome, thanks. I couldn't find anywhere info how to make AuthenticationManager in new Spring Security versions

I like very much your tutorials and here your explanation about how to retrieve an AuthenticationManager. However, I wouldn't authenticate the user in a Controller. This should happen beforehand, via a Filter and a Provider.

Thank you for the great videos, you are amazing, but with the code from the github repo doesn't work it gives an error that RSAKey bean is required. Please check into it if you can, thanks in advance!

please do one but with jpa request body authentication!

Hi @Dan thank you very much for the tutorial. Could you please improve it to add refresh token?

request login with database. tq

Is it possible to have an example with the symmetric key? I'm trying but I always get "Failed to select a JWK signing key" error while generating the jwt token

Bonjour,
Merci pour ce tutoriel exceptionnel.
Could you help me to fix this :
Reason: failed to convert java.lang.String to java.security.interfaces.RSAPublicKey (caused by java.io.FileNotFoundException: class path resource [certs/public.pem] cannot be opened because it does not exist)

Merci

Thanks Dan, these two JWT videos are really helpful!

If you can further talk about how to implement both *form login* and **jwt token**, that will be great.

I am struggling with this now, I tried

1) two filter chains (not working, always the one with lower order actually executes)

2) two authenticationManager (not working, when i pass the jwt token, it still redirects me to the login page)

if you have time to help, thanks in advance😀

That AuthenticationManager part was very helpful, thanks Dan!

Hi Dan, you mentioned about separate end points for login and for Token. If you could explain that further, it will be helpful. The reason being, when you use OAuth2 with PKCE, you first need to authenticate and get the 'code' in response which needs to be further passed along with 'code verification' to the separate Token endpoint to get the JWT Token.

You are the best tutor on the new Spring Security configurations, keep up the good work! I had one isssue though getting the RSAKey to generate, i said i need to configure RSAKey as type bean or something, even though i copied your code from github

lets say we dont want to manage passwords and registration/authentication happens using otp to the persons email id. how do we generate the token then ?
thanks in advance

Just came back to this video after a lot of reading and watching videos on JWT, Oauth2 etc. This is by far the best video out there for people looking to implement JWT to secure their endpoints. I guess it shouldn't be too hard to implement the refresh token on top of this right?

Hey, Dan. The only way to use a JwtEncoder bean with a symetric key(shared key) is implementing the JwtEncoder? I can't find ways to make it work with NimbusJwtEncoder :/

How do we check body against database users and not only one user?

Hey Dan,

I am asking this question to a lot of people and frustratingly I'm not really getting any responses, so I wanted to see if it's something you can help me with.

The question: Is Spring Security & JWT enough to securely authenticate my users so that I can build and grow a SaaS product, or would you do something extra to guarantee the security of your API? If so, what?

Thanks

Dan, so once this is implemented and i want to get a username of a user that's making requests, do I just inject Principal into controller methods?

This video was an absolute GOLD, Dan! Thank you

I've updated this test as below and worked.

@Test
void rootWhenAuthenticatedThenSaysHelloUser() throws Exception {
LoginRequest loginRequest = new LoginRequest("Lucas", "pass");
MvcResult result = this.mvc.perform(post("/token")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(loginRequest)))
.andExpect(status().isOk())
.andReturn();

String token = result.getResponse().getContentAsString();

this.mvc.perform(get("/")
.header("Authorization", "Bearer " + token))

.andExpect(content().string("Hello, Lucas"));
}

I have been searching for an easy to digest content on Spring Security, you gave exactly what I was looking for Dan Vega. Already subscrided and looking forward to seeing more amazing content from you.

Thank you.

Thank you so much sir!

Dan Vega, I just want to say that Im thankful for this and other tutorials you upload, and I mean that from the bottom of my heart. Im learning a lot from this kind of videos, you are capable of explaining complicated things in a short and clear manner.

Hi, nice video Dan!
I have a question, I am trying create new user for my MySQL database, (User user = new User()... repository.save(user) )but when I call token endpoint it returns 401:( Any idea how to fix it? Or do I have to create special User and store it?

good afternoon could you help me what is the password to get the token?

Thank you very much for this wonderful tutorial!

I got a question for a situation where we are using /token api, why do we get a 401 when a user who isn’t registered (exist in the database or in memory database) but when the user exist but the password doesn’t match we get the correct error code of 500?

It's very helpful video, great! But I have one question. How to make a logout?

It's the video I was looking for. Thank you for making it!

I would appreciate having a tutorial for role based authentication. Also can you make a discord server? Feels like having a community would help us to learn from experienced devs about spring and programming in general.

Nice tutorial, most jwt tutorial out there uses external library to generate keys for your project. Authentication is hard to learn and you're rocking it.

Next videos please about how to pass jwt into headers

More videos

Another great video, thanks Dan! Just a quick addition: if you are using a custom password encoder (i.e. the BCryptPasswordEncoder) you then have to pass that to the DaoAuthenticationProvider as well.

91st...Thanks Dan

Hi, what "{noop}" literal do inside password of a user created in userDetailsService() bean? I know that it is omitted but why?

It must be related to Password Encoder. Without literal inside user password the following exception is thrown:
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id \"null\"

Nice one

Thank you for amazing tutorial . I have been following this channel for a while you share really good knowledge to us . Please can you make video on spring security with jwt which is ready for production .And please if you could explain about refresh token and session creation policy.