Комментарии:
Nice Explanation Sir.....
ОтветитьThanks!!
ОтветитьNice video, good explanation, I have a question, can I implement OAuth2 authorization with code flow to call an API from another API?
ОтветитьThe spring started you added is missing while i was working
Ответитьwhy did you add background music... it is irrtating
ОтветитьHi, When we need to go for OAuth2 and we need to go for JWT, and in which scenario goes for the certificates in the app server.
ОтветитьWhat is that irritating "right" every now and then
ОтветитьExcellent
ОтветитьU should have paint to give an overview,ur telling every thing orally,we r unable to imagine orally,next time pls use some slides or diagrams
ОтветитьThank you for providing this
ОтветитьWould this still work currently? I followed this 100% but currently it critizies me for missing authentication and does not load the pages
ОтветитьHi, I am using same code but I am getting this error This XML file does not appear to have any style information associated with it. The document tree is shown below.
<oauth>
<error_description>Full authentication is required to access this resource</error_description>
<error>unauthorized</error>
</oauth>
worst tutorial ever............
ОтветитьGreat video bruh
ОтветитьI think this is just authentication. You have not done any authorization here. The principal you are displaying is returned during authentication.
Authorization would involve making a call to the auth server with grant_type= authorization_code and code=<auth_code>. That call will return an access token, which will then be used to call a protected resource. That flow is called Grant type: Authorization Code
There is another one called Grant Type: Client credentials, where you pass client id and client secret to the auth server and directly get access token (the call to get auth code is skipped).
Good tutorial, but it is outdated now.
Ответитьawesome
ОтветитьNice contents
ОтветитьHi Ajay,
Excellent explanation. Very well done.
May I ask one question. We can restrict API access inside a resource server based on Role. In your video you have mentioned that Auth Service can be from google and resource server can be on local machine. If validation happens at Google then how role will be assigned. Google role may not be relevant for our local resource server .
Thanks,
Vivek
It's practical, but it won't explain how spring security works. You could just read the code from github in 5 mins, no need to watch it for 1 hour
Ответитьhow to implement authorization in swagger can you prepare that video please
ОтветитьMay i know what is the Oauth2 version in this video?
the one i tried, seem like no more "@EnableOAuth2Sso"
the concepts in this video are depriciated. This video doesn't work.
ОтветитьHi Did anyone got this error while starting the authentication server
Description:
Field authenticationManager in com.techprimer.security.springsecurityauthserver.config.AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
It's very nice video thanks lot, can you please post video with JWT and with out form authentication of oauth2
Ответитьjust wanted to understand if the Oauth authorization along with authentication that you have shown in your code - is it covering OIDC flow as well?
ОтветитьThanks Buddy for sharing your experience and knowledge...
ОтветитьGreat Job , Thank you So much !!
ОтветитьHi, is it possible to have two different oauth providers in the same application. And use them conditionally based on the requested url?
Ответитьgood job sir
Ответитьwhile access the url localhost:8082/ui then i am facing issue. org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval.can any one help me. out
ОтветитьNot useful for 2020. Waste half an hour
ОтветитьI could have just downloaded the source code and go through that. He doesn't explain anything besides reading on what he types. Very low quality tutorial (if this is considered tutorial to begin with)
ОтветитьIs there any PDF while for code or link
ОтветитьVery good tutorial..thank you so much. Could you please explain why was the oAuth extra dependency required?
ОтветитьThis is so damn difficult.
Ответитьu have to elaborate more the concept of configuration
ОтветитьHi Ajay,
I was looking for integration of spring boot with keycloack. Without using keycloak adapter . I want to use oauth2 and keycloak for rest api. I dont need any login screen just rest api which takes access token
I want to integrate google fit into my application and get data from there. How can i do this?
ОтветитьWebMVConfigurerAdaptor is deprecated :(
ОтветитьAwesome Video. I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs.
1st I got the access_token from that Service.
Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemple should I use??? If there is any best approach please let me know.
setting the token in the cookie is a major vulnerability !!! the correct implementation is that the auth code shall be sent to the server side by web redirect, and then it shall be used in a server to server call to acquire the access token. the access token shall only be used on the back channel, which is the server to server call. single page applications can utilize PKCE update on the auth code grant type.
ОтветитьNice video bro..i have one doubt,you explained about Authorizing secure URL etc..and where is the concept of access token and authorization code and where we are generating those.Can you tell how to test this in POSTMAN without that client project?
ОтветитьDoesn't work following this tutorial. It throws AuthenticationManager authowired bean exception while starting up the authorization server
ОтветитьMost videos will have just theory, but this has totally other side - just code without any explanation about the concept. ClientId/ClientSecret are for client application not for user as you mentioned in the video. I think authentication information will be in Authorization server not in resource server as you have put authentication manager in resource server configuration. After seeing this video, I have more confusion, then clarity – I think I have wasted one hour. Usually your videos are good but definitely not this one. Please give more information while coding so that so that the viewer can understand what the code is for. May be I am having too much expectation for your videos because of your other quality videos :(
Ответить