Going Full OAuth with the new Spring Authorization Server in Spring Boot 3.1! #oauth2 #oauth

Hi, Spring fans! We're doin' it! We're looking at the new Spring Authorization Server auto-config in the just-released Spring Boot 3.1, and I'll be joined by Spring Security legend Steve Riesenberg
Comments

You guys are just amazing, I was blushing all the time. Great learning experience :)

mrcoder

Josh acted like he doesn't know 😂! Pretty entertaining and easy-to-grasp content! We really waited for Spring Authorization Server to be in the Spring ecosystem! Excellent content, but please upload in high resolution.

alltechtrickstips

Security is hard, after watching the video it hasn't gotten any easier 🤣, but if you can do all this in 1 hour, then it's certainly manageable for the rest of us 👍.
Kudos to the Spring team for this great effort 🔥.

janyoussef

Thanks guys. This video actually cleared most of the doubts I had with the authorisation server. Awesome!

rkalyankumar

And what if we have the auth server and resource server in the same app and we use a symmetric key?

blacky

First of all, guys, amazing video, I enjoyed it all the way from the beginning till the end.
One question in my mind right now. How flexible is SAS for changing the view (HTML & CSS) of the Login page or Consent page as well?
I remember having so many troubles doing those things with Cognito or Keycloak, I really hope SAS gives more flexibility.
Thanks and all the best to you guys.

markostrisko

Hoping for a follow-up discussion or tutorial on how a UI app (Angular or React.js) works with it.

julianjupiter

Hello, Josh. Could we configure that in the same module without splitting into subprojects?

sivlayyi

I tried doing this exact implementation, but I containerized it using docker compose, and I'm constantly getting bad client?
I wonder if there's something additional required.

treefrog

Great video. Very informative. I am running into issues though. On form login I keep getting an error with status 999. This occurs after the post. Any advice or general direction to check? I do have it on Stack Overflow, which has a lot more detail (such as pom.xml and config file). Thanks and keep up the great work!!

fqvjkqq

Very awesome. Can you please help me understand when we should use an access_token Bearer token as opposed to API keys? Sometimes APIs are secured using API keys (API key and secret key combinations) instead of an access_token Bearer token; can you please help explain?

vipinkoul

Thanks for the great overview.
I have one question: is the authorization_code flow PKCE-enabled?

arjitmishra

By just following you, I was able to successfully complete the authorization_code workflow. The only difference is, my resource server is MVC, not REST. Now when I try to post a form, I get "An expected CSRF token cannot be found" with status code 403. As I am using Thymeleaf, CSRF is already there in the form. Any suggestion?

navkkrnair

Great stuff, Josh and Steve. The worst part seems to be all the config, which is mostly a one-off.

Speaking of security... I recommend moving off LastPass because of its poor security practices. We switched from LP to 1Password and really love it. Migration is easy and it is feature rich.

jackfrosch

Amazing content... Can we use the revoke endpoint for logout? Or please suggest how to handle logout.

divyashreeb.l

Thank you for the presentation!
I have a (genuine) question: Why would I use Spring Authorization Server instead of, say, Keycloak?
Could you give some pros/cons?

cloudsquall

Thank you for the demo. It looks simple enough but I'm still confused about how to apply it to my own app. When securing a rest api that is consumed by a separate client app, can the authorization server live inside the rest api and serve the oauth endpoints on the same port as my rest api? Do I need the resource server in there as well? Would the client app use authorization_code grant type? Could you point me to some info on this? Appreciate the help!

NadaP.

I have already watched many videos like yours, but I can't figure out how to register new users through the API. All of them do the same thing (in-memory user): a single admin user, fixed in code. So I wanted to know how to register more than one user on the auth server through an API like "api/auth/register". Hope you get my point, and please answer me.

subaratatubebd

This video is amazing. How are you able to execute "uao resourceserver.zip" and "http" and some other custom commands? Have you created any aliases or custom scripts?

TaiChiSWAG

Using Spring Security and Auth Server, is there an easy way to generate an access token programmatically?

keithleo-smith