43:00 Why is there no audience passed in the authorization request (and thus an empty aud claim inside the JWT)? Should that not be the respective resource server/microservice? That would be especially interesting to see since there are multiple microservices being called.
Hello, I want to know if Is posible combine Spring Security with Azure Function, What I Want is secure my function using spring cloud and azure function and spring security. It could be posible ? Thanks you
I'm looking for a way to perform service to service authorization between a client app and a secured (with Keycloak) Spring Cloud Config Server. However, the config server contains properties that my client needs at startup. I know I can use a spring.factories file and define a custom configuration at bootstrap. Can I use that custom configuration to get my client authorized so it can request config properties?
I have a requirement to authenticate my rest endpoint using both okta and azure issuer url. Can anyone suggest how to implement this feature in spring security
Can the same resource be accessed with two different tenants? Can someone pls provide code for that . I am trying to access rest api using jwt generated By okta and azure ad b2c
Hey Chinmaya, the code can be found here: github.com/jgrandja/oauth2-protocol-patterns We were using the "s1p-2019" branch but the documentation is better on the "master" branch using UAA instead of keycloak.
Somehow I'm missing something here. All the amount of configuration just to get a couple of micro services secured is daunting. What will I have to do when adding a new micro service? It almost looks like I will have to do a new set of configuration here. So with say 500 micro services this is going to be a config nightmare. Surely this is not the way production security will have to be configured? If so, then Spring is loosing the plot bigtime.....
Hi Andre. Thanks for your comments and questions. I share your desire for a GREAT developer experience. As a user of spring security/boot, I've found the configuration to be quite minimal (e.g. vanilla resource server = dependency + jwk-set-uri property). The demo was intentionally more complex to help people with scenarios that go beyond "hello world". If there's a particular configuration that you find excessive, please share your suggestions by creating an issue on spring-security's github repo. Also, give me a shout and I'd be happy to discuss your situation! simplestep.ca/contact or twitter.com/doxsees. Cheers!
Thank you Stephen - still busy working through the video to try and get a proper understanding. Appreciate the feedback. I always try my best to get the full env running without going to github so that I understand what is being said.
thank you JOE
you make spring security easy for me , before i was heat it . but now , i see the full picture
thank you again .
go ahead
Glad you found the talk helpful, Ali!
43:00 Why is there no audience passed in the authorization request (and thus an empty aud claim inside the JWT)? Should that not be the respective resource server/microservice? That would be especially interesting to see since there are multiple microservices being called.
Hi @Springdeveloper, do you have complete course by this instructor? pls share if you have.
Is the project in any way still reachable? The slides linked in the video description are down too.
where I can download the demo project? thank you
Could you share your repository?
Hello, I want to know if Is posible combine Spring Security with Azure Function, What I Want is secure my function using spring cloud and azure function and spring security. It could be posible ? Thanks you
I'm looking for a way to perform service to service authorization between a client app and a secured (with Keycloak) Spring Cloud Config Server. However, the config server contains properties that my client needs at startup. I know I can use a spring.factories file and define a custom configuration at bootstrap. Can I use that custom configuration to get my client authorized so it can request config properties?
I have a requirement to authenticate my rest endpoint using both okta and azure issuer url. Can anyone suggest how to implement this feature in spring security
Can the same resource be accessed with two different tenants? Can someone pls provide code for that . I am trying to access rest api using jwt generated
By okta and azure ad b2c
github project?
Could you please share the Github code URL
Hey Chinmaya, the code can be found here: github.com/jgrandja/oauth2-protocol-patterns We were using the "s1p-2019" branch but the documentation is better on the "master" branch using UAA instead of keycloak.
Somehow I'm missing something here. All the amount of configuration just to get a couple of micro services secured is daunting. What will I have to do when adding a new micro service? It almost looks like I will have to do a new set of configuration here. So with say 500 micro services this is going to be a config nightmare. Surely this is not the way production security will have to be configured? If so, then Spring is loosing the plot bigtime.....
Hi Andre. Thanks for your comments and questions. I share your desire for a GREAT developer experience. As a user of spring security/boot, I've found the configuration to be quite minimal (e.g. vanilla resource server = dependency + jwk-set-uri property). The demo was intentionally more complex to help people with scenarios that go beyond "hello world". If there's a particular configuration that you find excessive, please share your suggestions by creating an issue on spring-security's github repo. Also, give me a shout and I'd be happy to discuss your situation! simplestep.ca/contact or twitter.com/doxsees. Cheers!
Thank you Stephen - still busy working through the video to try and get a proper understanding. Appreciate the feedback.
I always try my best to get the full env running without going to github so that I understand what is being said.
may be corona