Full Stack OAuth 2 - With Spring Security / React / Angular - Part 2

In this live event, we discuss implementing authentication with OAuth 2 / OpenID Connect from backend to frontend. My guest, Liviu Bobocu, a frontend expert, will help me demonstrate the implementation of a frontend solution. This frontend solution will use a Spring-driven authorization and resource server.

What you'll learn:

- How to create a Spring Security authorization server using the new authorization server project
- How to configure a Spring Security resource server with JWT authentication
- How to build a React frontend client which authenticates using JWT
- How to build an Angular frontend client which authenticates using JWT
- Best practices for your authentication implementation on both backend and frontend
Comments

First, your video on YouTube is very awesome, and I learned a lot about OpenID. But I still hope you add some of the features: 1. authorities demo: user A has authorities, and he can only access scope_use; 2. refresh_token: use refresh_token when id_token is expired.

allenlau

Hi Laur, how do I replace the Spring Security login form with a custom React login page, and how should I handle the login page submission from React JS?
In the video, the PKCE (Proof Key for Code Exchange) rule is not followed because you must not type the client secret, which is not secure, especially for SPAs, if I am not mistaken.

MirwaisFaizi

I was looking for end to end flow. This video is very useful. Thank you. How to support ‘Roles’? Should that be handled by resource server or authorization server?

maclovesgeet

Hi, I am looking for an example of Google OAuth - Spring - React. Does this cover connecting to OAuth2? If yes, then which repos (out of 5) are required for a simple Spring and React app that does Google authentication?

croydonH

I want to refresh my expired ID token while trying to access a protected resource from the OAuth2 resource server. And I have used the OAuth2 authorization server with an Angular application as a client with scope openid?

kamalmohansinghrana

Hi Laurentiu, thank you so much for the great session. I watched both parts.

I want to add the login form on the Angular client, instead of the default login on the auth server.
I have added the form and I send the request for login. But I'm having issues with redirection (Angular ignores the redirect).
I would really appreciate it if you or anyone who sees this can point me to an example.

sanurahettiarachchi

I have just started learning Spring Security; this seems complex. Please recommend me a beginner Spring Security starting point, with a link if possible. Thank you ... I love your content.

denywiryksongs

Hi, I'm having the same situation as some of the commenters here, where the login page is rendered on the client side and the credentials will be sent to the authorization server via a RESTful API (e.g. /auth/login) that accepts the username/password.

I am currently stuck on how to integrate this into the Spring Security OAuth2.0 implementation once the RESTful API receives the credentials.

johnhubertma

Hi Laurentiu, I have already created REST endpoints for direct authentication with user/pass, and refresh with cookie or bearer; they respond with JWT access and refresh tokens, and those are used elsewhere in the ecosystem. Now I have a requirement to create an OAuth2 server so other clients don't have the user/pass flow directly through them but get back the same JWT access/refresh tokens we already have exposed in the REST service. Is there a way to integrate and delegate authentication and JWT creation to my pre-existing REST endpoint with the Spring OAuth2 authorization server? Hope this makes sense.

andre-codes

Can I log in via API, as I don't want the default login UI? Is it possible?

BulbulAhmed-oegi

Hello, is it possible to use a custom React form instead of the Spring-generated login form?

ИванСолодков-чр

Hi, is there a reason why react-router and react-router-dom are installed as dev dependencies? Are they not needed in the prod build? Thanks.

fiorini_mochachino

Hi Laurentiu,

I have a few questions and was hoping to get your insight into the following scenario and to get your opinion as to how this should be solved or the best practices around this.

I have one system which holds the user credentials, and the user is going to log into this system. Once they are logged in, they will SSO into our backend authorization server, which is going to validate certain claims sent as part of the SSO JWT token. Once validated, we want to launch another Single Page Application (SPA) which is responsible for gathering certain data points, and this SPA is going to talk to our resource server which hosts the APIs. The APIs are secure, so we need to issue an access_token and refresh_token to the SPA.

So thinking in terms of OAuth2 specifications, Authorization Code Flow with PKCE would be the way to go.

My question is:
How can we send the access_token and refresh_token to the SPA, because the SPA is not initiating the call? I don't want to pass them as query params in the GET call for launching the main page of the SPA.

Is it recommended that when the authorization server does a redirect to the SPA (Angular application), the SPA intercepts and then initiates a silent authorization call with prompt=none, generates a code challenge and code verifier, and asks for the authorization code in the POST call? The authorization server receives the POST call and then issues the authorization_code, and then the SPA exchanges that for an access_token and refresh_token?

Or is there another better and simpler way to handle this scenario?

Your valuable insight would be highly appreciated.

Thanks and keep up the good work with all these videos, talks, and presentations.

kashifahmedkhan

I have a question: how to secure the client_id and client_secret constants? One way is a custom login config: log in to the auth server and return the client_id and client_secret to the React client. Any better ideas?

allenlau

Hi Laurentiu, thx for the amazing video!

I have a question: how do you implement logout with the Spring OAuth2 authorization server? Once logged in, my app can't log out. Even after clearing all the tokens from the session storage and then accessing the login page again, the app automatically logs in without inputting any username or password.

Thank you!

stephantommy

Hi Laurentiu,
somewhat off topic but:

Do you know a way to implement LDAP authentication over CLIENT_CREDENTIALS?
I'm struggling to port our company's project to

Any help would be much appreciated :)

LukeSchneider

Hello guys, thanks for this series. A question: where do I input the login details, the username bill and password 12345, on the front end so that I can log in?

marypaul

Hi Laur, Liviu, or anyone who can help: in the above exercise we see the default login page returned by Spring Security. How do I replace it with the custom React login page, and then how do I handle the submit of the login page from React JS? I am using PKCE, so once I submit the login page, I believe we need to get the 'code' back in the response?

sachinpachpute

I want the scope based on the user details, not the client scope. What can I do? Please help me.

sanamudash