Stand out from the crowd with real-world skills which you can learn from Educative: www.educative.io/unlimited?aff=x8XR
If you are interested, subscribe to the plan that fits you from the above link.
This is good one ,much love from Singapore
Thanks 🙏
not a beginner friendly tutorial at all
Great tutorial..
Like, share and subscribe to this video for Shabbir Brother
worst video ever watched wasted my whole day
IMO the video covers a lot of content but from a very high-level perspective. Maybe this video should be a part of a course on Spring Security where it would be easy to tie things together. Even if we exclude the Spring Security part, OAuth/OpenID API flows are not highlighted to make things stand out right. I would suggest investing time in this only if you know OAuth2/OpenID Connect and Spring Security beforehand and just need a quick refresher.
Thanks for pointing it out!
Unbelievable superb content, I think you just saved me in my current project at my dev job. Thanks so much ♥
🙏🏻🙏🏻❤️❤️
Great video 😊 I request you to please make video on Spring Security with JWT token with role based access.
great tutorials, can you please create a tutorials how to integrate this security in microservices,
I second this too
Yes, that will be helpful
Yes it will be helpful
friends,
1. Authenticate and get token from one microservice
2. Then you can use that token for further requests, whether they are in the same microservice or a different one
3. You just need to validate the token, get user details and set the security context holder
This is basically a filter for validating the token
does it make sense??
I think you need to implement the same but with the client credentials grant type. Read more about it; this is where you don't have a user or UI involved but many backend microservices need to share data between each other
Can you please do a tutorial based on OAuth 2.0 with JWT token
Too much "copy paste these codes and don't worry" for my taste.
Half Video you went with explanation, other half you just ramped in with ready made code without any rationale
At half stage it's like somethings come you are just copy pasting and it has become so less descriptive. Was expecting a lot in this video but was disappointed. Hope I can learn Oauth 2 in future
why when I run authorization server and client server I get login page without username and password field and I have instead two links in please sign page api-client-authorization-code and api-client-oidc links and on the top of them Login with OAuth 2.0
Login with OAuth 2.0
[authorization_request_not_found]
api-client-authorization-code
api-client-oidc
Hi Brother, can you please provide at least 2 username with passwords so that I can test the case.
This is completely configured with database
You have to setup db
update it to spring boot 3
2 beans cannot create ( ClientRegistrationRepository , OAuth2AuthorizedClientRepository )
@Bean
OAuth2AuthorizedClientManager authorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository)
so complex, hard to understand the details
Thanks bro for sharing this detailed and updated Spring Security tutorial, could you please guide me how can I achieve same without loginform I mean I wanted to use OAuth2 for third parties API to API communication with Client Credentials.
Not able to run the security client . This error is coming
Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient';
how to integrate login with google
Can any one tell which theme he is using??
Xcode dark theme
In which video you have created the spring security client, from 17:00 mins it somewhat started confusing me.
Superb video.Can you make video about oAuth2.0 authorization with PKCE and BFF pattern?
I have doubt brother, I have two RestApi's(customer,product) both api's need login username and password then only you can access those restapi's resource otherwise is not possible.
In the Customer restapi's using RestTemplate to call product restapi's it show 403 forbidden
error because of Product Restapi it asks again login details Brother.
How to use Customer login details in Product Restapi brother
How to solve this problem and what is the approach ( have any reference please send)....
Thanks Sabbir for tutorial.!!!
I'm facing the below error while running the application..
"org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient'"
use WebClient.create()
@@selvasudt where I need to add this .?
@@rohitkumar-nf8et I have faced the same issue, resolving the dependencies correctly helped me to get out of the issue. By the way, wherever you use webClient.get -> WebClient.create().get()..
@@selvasudt I have used WebClient.create in the controller
@@rohitkumar-nf8et yeah I guess we have used hello controller I guess, where try using WebClient.create() might help you solve this problem.
The tutorial is good, but I felt it's a bit fast. And for me the theme of the IDE is not appealing, don't know how many liked this. It has too much contrast.
I am facing ERR_TOO_MANY_REDIRECTS
It would be great if you make JWT + OAuth2. There are no good lessons about this topic on YouTube
Would be great if you update for Spring 3.0, it's not compatible with the jakarta package I guess
After implementing all, I'm not able to register and change or reset password in Postman. Please make a video on how to set up OAuth2 in Postman
bro, the most important part is client register and authorization server config you copy and paste, we do not know where to take it and we got wrong to follow you and we do not know why we wrong bro
what about logout please so that too its most complex part and no tutorial available
Great Tutorials by the way can you share me an example Authentication service on the micro service environment.
You put the auth project inside a folder. You have modules in your POM.xml "modules" there. I try to do the same here and it does not work. It looks like your tutorial start from the mid of the subject and we are missing the beginning of it. Do you have URL for the complete video? The client part of it (the beginning) isn't here.
Link is in description
Reposting. How old is this video? Boot is 2.x which is quite old
I've watched AspNet Identity server videos, bootcamp videos but THIS IS THE MOST COMPLETE video on a full OAUTH implementation because it has resource server as well. Superb. Just thanks man..
Thanks 🙏🏻
Hello, I could do a course on Spring webflux with MongoDB, it would be very helpful since there are not many videos about it, regards
In your video how you create the project that also you need to mention
Client can be any user accessing the app. Can you elaborate on the User Resource Owner who is providing all details? As it's slightly tricky here as I am assuming Resource can be any URL endpoint within the application or microservice that the user wishes to access.
For all clients or users accessing the application, only one client ID will be used?
Since you have demonstrated one unique client ID for OAuth.
Is the Bearer token created separately for each client user accessing the application?
Good video, but I have one question. Why would you have User entity in authorization-service and also in the client-service?
Thanks for your tutorial!
How to configure registered clients with jdbc for multiple client apps?
i really like the content that you shared in the video. Can i get the source code?
Thank you for this amazing tutorial, can I ask how do you login using a api? (Postman request)
I have the same constraint.
FINALLY I've been waiting for this one!
Thank you for your very comprehensive and useful training. Please, if it is possible, how to do this using reactJs, instead of using the login form, teach Spring Security, or if you have the source code, I would appreciate it if you could share it.
Concept ✍nicely explained. 👍
Can you let me know the code or earlier part of the video 🤔 for configuring spring-security-client ❓
Since you are running the oauth-authorization-server and spring-security-client (separate) applications on the same database, isn't there a possibility that they can be out of sync since both apps are using separate connection pools, caches, etc ??? How would this be solved? Thanks for your insight on this!
I'm very curious as well, do you have an answer already?
They should be separate apps on different deployments. He used the same DB to simplify the demo for us instead of having multiple schemas and DBs to connect to.
which theme you are using in intellij?
Xcode Dark Theme
how to resolve UnsatisfiedDependencyException through field 'webClient'
Thanks Sabbir for tutorial.!!!
I'm facing the below error while running the application..
"java.lang.IllegalStateException: Error processing condition on org.springframework.boot.autoconfigure.orm.jpa.JpaBaseConfiguration.jpaVendorAdapter"
Good video, rather clear.
Any idea how to implement step-up authentication?
From my client I want to ensure I get a certain Authentication context after authentication and re-authenticate using a different acr if needed.
Can you explain how to do the logout with opaqueToken... Thanks
To block stateless tokens (like Opaque or JWT tokens), you will need to check against some cache or endpoint, where you listed that token as banned.
@@cloudstackz do you have any example (repository) of how to do it? Thanks
@@ricanmalra No standard implementation for that. It's like you look up the userId in your DB or get some cached value in your cache. Do what you see fit in your specific situation to ban and find banned tokens.
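One way to hold the banned-token list these replies describe, as an added example (not from the video or its repository): an in-memory map keyed by a SHA-256 fingerprint of the token, where each entry lives only until the token itself would have expired. The class and method names are hypothetical, and a deployment with several resource-server instances would keep the same data in a shared cache.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: a denylist for opaque or JWT bearer tokens revoked at logout.
public class TokenDenylist {
    // fingerprint of the token -> instant at which the token expires anyway
    private final Map<String, Instant> bannedUntil = new ConcurrentHashMap<>();

    // Store a hash, not the token, so a dump of the denylist yields no usable credentials.
    private static String fingerprint(String token) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required by the JDK spec", e);
        }
    }

    // Called on logout or revocation. A token that has already expired needs no entry.
    public void ban(String token, Instant tokenExpiry, Instant now) {
        if (tokenExpiry.isAfter(now)) {
            bannedUntil.put(fingerprint(token), tokenExpiry);
        }
    }

    // Called by the resource server before it accepts a bearer token.
    public boolean isBanned(String token, Instant now) {
        Instant until = bannedUntil.get(fingerprint(token));
        return until != null && until.isAfter(now);
    }

    // Periodic cleanup: entries for tokens past their expiry are no longer needed.
    public int purgeExpired(Instant now) {
        int before = bannedUntil.size();
        bannedUntil.values().removeIf(until -> !until.isAfter(now));
        return before - bannedUntil.size();
    }

    public static void main(String[] args) {
        // Constructed sample data: two opaque tokens issued at t0 with a 5 minute lifetime.
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        Instant expiry = t0.plus(Duration.ofMinutes(5));
        TokenDenylist denylist = new TokenDenylist();

        denylist.ban("opaque-token-A", expiry, t0); // user A logs out at t0

        Instant later = t0.plus(Duration.ofMinutes(1));
        System.out.println("A banned: " + denylist.isBanned("opaque-token-A", later)); // true
        System.out.println("B banned: " + denylist.isBanned("opaque-token-B", later)); // false

        Instant afterExpiry = t0.plus(Duration.ofMinutes(6));
        System.out.println("purged: " + denylist.purgeExpired(afterExpiry)); // 1
    }
}
```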
hi bro can u please make the above video for spring security 6 and springboot 3+, please bro , there is urgent need
Thanks for this. I tried implementing with spring-auth-server and API gateway as the client and always got Bad credentials. Not sure if using version 1.0.0-RC1 and spring boot 3.0.0-RC1 has anything to do with it!
Can you please help me with the below query, bro? I have tried all the possible ways to fix it but I am unable to fix it. Kindly help me, bro
Hi,
I write to you because I followed your tutorial step by step but when you tried to access the client, the result should be to redirect to the login page of the Authorization server but in my case I got the following error message: "There was an unexpected error (type=Bad Request, status=400). [invalid_request] OAuth 2.0 Parameter: redirect_uri" I checked and I can see I have the exact same code, I tried to resolve this issue myself but I couldn't find an answer about this error. Can you help me please to resolve it?
Thanks & Regards
Nice work. Could you please tell me how to change the default token endpoint from '/oauth2/token/' to '/oauth/token'
Any idea why it stops working when I replicate the same project with the latest releases? I noticed you are using Java 11 and Spring 2...
Great explanation, Consider this :
If I have two client apps registered in auth server with contexts say /app1 and /app2. Now when I hit /app1 it redirects me to login page, when I log in for app1 I want it to automatically authenticate me for app2 as well. how can I achieve sso kinda thing ?
I get: api-client-authorization-code is an unknown property, in yaml file of the client application.
while building this project getting invalid CEN header (bad signature)
Hey, I am using Ping ID for authentication. But after the session times out I am not able to redirect to the SSO page as it says Open id connect issue, however the code is working fine on localhost! Any suggestions on this?
When I clone your code it is not working and giving error securityfilter parameter set 0
I want to ask you
When i can get my tokens
Access token id tokens...
Thanks for everything
Bro.. how will you consume third party api which is having oauth2 client credentials
In the latest version of spring boot authorization server is deprecated what we can use? Could you please make video on that?
hi, can you put the authorization server and resource server in one spring boot app, not using modules in pom.xml? Say you create a class for the authorization server, then another for the resource server?
I am new to Spring boot and I am unable to understand this code for spring security.
Brother, you are in full form ..... videos are coming every day .... love from the bottom of my heart
Thanks brother 🙏🏻
@@DailyCodeBuffer brother can you make a video on multipartfile ...dealing with images and files in rest API
Always with good content TQ sir
Thanks 🙏🏻
Can we apply all together by just one click run without run many modules at the same time?
Sir, your content is very good. Sir, please make a video in which I am creating a JWT token and with this token after authorization we can access more than one microservice.
Nice one, loving your series. Please create a tutorial for Spring Cloud Gateway with OAuth 2.0 security
Thanks 🙏🏻
@@DailyCodeBuffer please, if it's possible, make a Spring Cloud Gateway with OAuth 2.0 security video.
The client is very nontrivial too. Is there a video describing how it's put together?
Bearer ❌ Barrier ✅
How can I manage authentication-authorization in microservices?
How we can use this custom react or angular app client.
Why when i try to start the server, it is throwing an error
Caused by: java.lang.IllegalStateException: Unknown provider ID 'spring'
i'm using the same run application for my client and my auth-server, i don't want to have the resource server, can i keep continuing with that modification?
I was having bad indentation in the provider: issuer-uri: :)
could you please help me to integration of okta in my application?
Can we use a properties file instead of a database for authorization?
How can I implement SSO technology in this project?????
Can you make this video with Keycloak?
Where are the videos containing the already written code
Very great explanation hats off to you for your efforts.
Thanks 🙏🏻 ❤️
thank you for your comprehensive video, and nice explanation!
downloaded your example and run it, but didn't know how can I register the user first in order to use it afterward in the login page, or should I insert it to mysql manually?
Hey man, did you find the solution for this????
@rushikeshgodase4150 this was a long time ago but I remember I ended up inserting the user into the db
@@ahmedmazen5179 so you have inserted user manually???
How to implement custom login page in this example?
how can we do authorization based on grant authorities?
Hi everyone, I'm facing this error when running the web client: Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient'; Can anyone help me, it's urgent. Thanks in advance.
I'm having the same error did you ever figure out how to fix it?
Can we get tutorials on client credentials flow
Hi..
Looking for suggestions on implementing security on spring-boot microservices integrated with angular UI. I have an external identity provider(Ping Federate) to support SSO and all user roles/authorities are maintained in the application database.
What is the best approach to secure APIs? If Oauth is recommended way, how to implement it(Stateless).
Should the Authorization Server be customized to connect to the identity provider Authorization Server and generate tokens from the custom Authorization Server?
or
Oauth2 client should generate tokens by loading user details from the database after successful authentication with the identity provider?
Any code samples along with suggestions will be appreciated.
You don't need the Client app in your case, since you already have an Angular app (which will be the client). I think you need to add another AuthenticationProvider in your spring settings and add it to the current AuthenticationManager (where authentication happens against Ping Federate). This is a general idea of the implementation, let me know how it goes with you!
Can someone please confirm after the deprecation of oauth2 apis, are we somehow able to implement our own Authorization server or not? Please help.
Planning a video on that. Working on it
is it possible to do in java8
Yes
@@DailyCodeBuffer but it has error for client project
Error creating bean with name 'helloController': Unsatisfied dependency expressed through field 'webClient'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'webClient' defined in class path resource [com/dmstts/client/config/WebClientConfiguration.class]: Unsatisfied dependency expressed through method 'webClient' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authorizedClientManager' defined in class path resource [com/dmstts/client/config/WebClientConfiguration.class]: Unsatisfied dependency expressed through method 'authorizedClientManager' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception; nested exception is java.lang.IllegalArgumentException: scope "openid´" contains invalid characters
@@DailyCodeBuffer hi
Thanks for the video! I will watch on this week. Say, with this implementation I can generate a bearer token in a server to use to access an application? Do you have any video showing how to use it?
This is what the Resource Server does for you automatically. If you want to manually authenticate against the Authorization Server (regardless of whether you're using Java/Spring or not), you will have to implement the following steps:
1- Generate the authorization request with all the Client registration details (client_id, state, grant_type, etc.)
2- Create an endpoint in your app where you can receive the code grant.
3- Get the token by making another request against the /token endpoint on the authorization server (using the same details as above, in addition to the code you received in the second step and client_secret).
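The three steps from this reply, written with the JDK only (an added example, not part of the original comment and not code from the video or its repository). The endpoint URLs, client id, secret and redirect URI are constructed placeholders; following RFC 6749, the authorization request carries response_type=code and the token request carries grant_type=authorization_code.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration: all endpoints and credentials below are constructed placeholders.
public class ManualAuthCodeFlow {
    static final String AUTHORIZE_ENDPOINT = "http://auth-server.example:9000/oauth2/authorize";
    static final String TOKEN_ENDPOINT = "http://auth-server.example:9000/oauth2/token";
    static final String CLIENT_ID = "demo-client";
    static final String CLIENT_SECRET = "demo-secret";
    static final String REDIRECT_URI = "http://client.example:8080/callback";

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }

    // Unguessable per-login value; keep it in the user's session until the callback.
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Step 1: the URL the browser is redirected to on the authorization server.
    static URI authorizationRequest(String state) {
        return URI.create(AUTHORIZE_ENDPOINT
                + "?response_type=code"
                + "&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI) // must match the registered value
                + "&scope=openid"
                + "&state=" + enc(state));
    }

    // Step 2: called by the callback endpoint with the raw query string it received.
    static String codeFromCallback(String rawQuery, String expectedState) {
        Map<String, String> q = new HashMap<>();
        for (String pair : rawQuery.split("&")) {
            int i = pair.indexOf('=');
            if (i > 0) q.put(dec(pair.substring(0, i)), dec(pair.substring(i + 1)));
        }
        if (q.containsKey("error")) {
            throw new IllegalStateException("authorization failed: " + q.get("error"));
        }
        // Accept only a callback that carries the state issued for this session.
        byte[] got = q.getOrDefault("state", "").getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(got, expectedState.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("state mismatch");
        }
        String code = q.get("code");
        if (code == null || code.isEmpty()) {
            throw new IllegalStateException("callback carried no code");
        }
        return code;
    }

    // Step 3, form body: the code plus the same redirect_uri as in step 1.
    static String tokenRequestBody(String code) {
        return "grant_type=authorization_code&code=" + enc(code)
                + "&redirect_uri=" + enc(REDIRECT_URI);
    }

    // Step 3: server-to-server POST; the client secret never passes through the browser.
    static HttpRequest tokenRequest(String code) {
        String basic = Base64.getEncoder().encodeToString(
                (enc(CLIENT_ID) + ":" + enc(CLIENT_SECRET)).getBytes(StandardCharsets.UTF_8));
        return HttpRequest.newBuilder(URI.create(TOKEN_ENDPOINT))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Authorization", "Basic " + basic)
                .POST(HttpRequest.BodyPublishers.ofString(tokenRequestBody(code)))
                .build();
    }

    public static void main(String[] args) {
        String state = newState();
        System.out.println("1. redirect to: " + authorizationRequest(state));
        // Constructed callback, shaped like the redirect sent back after login.
        String code = codeFromCallback("code=SAMPLE_CODE&state=" + state, state);
        HttpRequest req = tokenRequest(code);
        System.out.println("2. code received: " + code);
        System.out.println("3. " + req.method() + " " + req.uri() + " body: " + tokenRequestBody(code));
        try {
            codeFromCallback("code=SAMPLE_CODE&state=forged", state);
        } catch (SecurityException e) {
            System.out.println("callback with wrong state rejected: " + e.getMessage());
        }
    }
}
```

The request built in step 3 is only constructed here, not sent; passing it to `java.net.http.HttpClient.send` against a running authorization server would return the JSON token response.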
Any video for dynamic implementation with mysql ?? rather than Inmemory database ??
Did you find any answer yet ? I've been trying to figure this out and fail.
Your thumbnails are just recommendable ...which application you are using to make these
Thank you so much 🙏🏻🙏🏻
I am using Canva and sometimes Photoshop
What is the mod you're using?
Thanks brother! good job :)
Thank you very much.
Can you please make one example in microservices architecture? Maybe you can apply the security on your microservice project from the other video please