Spring Security using OAuth2 in Spring Boot | Tech Primers

Nice Explanation Sir.....

Thanks!!

Nice video, good explanation, I have a question, can I implement OAuth2 authorization with code flow to call an API from another API?

The spring started you added is missing while i was working

why did you add background music... it is irrtating

Hi, When we need to go for OAuth2 and we need to go for JWT, and in which scenario goes for the certificates in the app server.

What is that irritating "right" every now and then

Excellent

U should have paint to give an overview,ur telling every thing orally,we r unable to imagine orally,next time pls use some slides or diagrams

Thank you for providing this

Would this still work currently? I followed this 100% but currently it critizies me for missing authentication and does not load the pages

Hi, I am using same code but I am getting this error This XML file does not appear to have any style information associated with it. The document tree is shown below.
<oauth>
<error_description>Full authentication is required to access this resource</error_description>
<error>unauthorized</error>

</oauth>

worst tutorial ever............

Great video bruh

I think this is just authentication. You have not done any authorization here. The principal you are displaying is returned during authentication.
Authorization would involve making a call to the auth server with grant_type= authorization_code and code=<auth_code>. That call will return an access token, which will then be used to call a protected resource. That flow is called Grant type: Authorization Code
There is another one called Grant Type: Client credentials, where you pass client id and client secret to the auth server and directly get access token (the call to get auth code is skipped).

Good tutorial, but it is outdated now.

awesome

Nice contents

Hi Ajay,

Excellent explanation. Very well done.

May I ask one question. We can restrict API access inside a resource server based on Role. In your video you have mentioned that Auth Service can be from google and resource server can be on local machine. If validation happens at Google then how role will be assigned. Google role may not be relevant for our local resource server .

Thanks,
Vivek

It's practical, but it won't explain how spring security works. You could just read the code from github in 5 mins, no need to watch it for 1 hour

how to implement authorization in swagger can you prepare that video please

May i know what is the Oauth2 version in this video?

the one i tried, seem like no more "@EnableOAuth2Sso"

the concepts in this video are depriciated. This video doesn't work.

Hi Did anyone got this error while starting the authentication server
Description:
Field authenticationManager in com.techprimer.security.springsecurityauthserver.config.AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)

Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.

It's very nice video thanks lot, can you please post video with JWT and with out form authentication of oauth2

just wanted to understand if the Oauth authorization along with authentication that you have shown in your code - is it covering OIDC flow as well?

Thanks Buddy for sharing your experience and knowledge...

Great Job , Thank you So much !!

Hi, is it possible to have two different oauth providers in the same application. And use them conditionally based on the requested url?

good job sir

while access the url localhost:8082/ui then i am facing issue. org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval.can any one help me. out

Not useful for 2020. Waste half an hour

I could have just downloaded the source code and go through that. He doesn't explain anything besides reading on what he types. Very low quality tutorial (if this is considered tutorial to begin with)

Is there any PDF while for code or link

Very good tutorial..thank you so much. Could you please explain why was the oAuth extra dependency required?

This is so damn difficult.

u have to elaborate more the concept of configuration

Hi Ajay,
I was looking for integration of spring boot with keycloack. Without using keycloak adapter . I want to use oauth2 and keycloak for rest api. I dont need any login screen just rest api which takes access token

I want to integrate google fit into my application and get data from there. How can i do this?

WebMVConfigurerAdaptor is deprecated :(

Awesome Video. I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs.
1st I got the access_token from that Service.
Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemple should I use??? If there is any best approach please let me know.

setting the token in the cookie is a major vulnerability !!! the correct implementation is that the auth code shall be sent to the server side by web redirect, and then it shall be used in a server to server call to acquire the access token. the access token shall only be used on the back channel, which is the server to server call. single page applications can utilize PKCE update on the auth code grant type.

Nice video bro..i have one doubt,you explained about Authorizing secure URL etc..and where is the concept of access token and authorization code and where we are generating those.Can you tell how to test this in POSTMAN without that client project?

Doesn't work following this tutorial. It throws AuthenticationManager authowired bean exception while starting up the authorization server

Most videos will have just theory, but this has totally other side - just code without any explanation about the concept. ClientId/ClientSecret are for client application not for user as you mentioned in the video. I think authentication information will be in Authorization server not in resource server as you have put authentication manager in resource server configuration. After seeing this video, I have more confusion, then clarity – I think I have wasted one hour. Usually your videos are good but definitely not this one. Please give more information while coding so that so that the viewer can understand what the code is for. May be I am having too much expectation for your videos because of your other quality videos :(