Implementing an OAuth 2 authorization server with Spring Security - the new way! by Laurentiu Spilca

Spring I/O 2022 - Barcelona, 26-27 May

After the Spring Security OAuth project was deprecated, there was a lot of confusion in the community. You could use Spring Security to write the resource server but not the authorization server. But the dark age is now over.

OAuth 2 and OpenID Connect are tremendously important today since they represent the most used standards for implementing authentication in apps. Spring apps are no exception to this approach. We'll start with a refresher on OAuth 2 and OpenID Connect and briefly recall how an authorization server was configured using the Spring Security OAuth project (now deprecated). Then, we'll work on an example where we implement an authorization server using the new approach: the Spring Security Authorization Server project. You'll learn how to use the new project to write your custom authorization server, and also what advantages this project brings over the old-fashioned way.

Comments

I love this guy's channel. He really knows his stuff.

HenrryWithRs
Laur is a great teacher. I learned a lot from him!

adrianstefan
In looking through dozens of sites advising on this topic, it was super handy hearing him mention deprecated methods and implementations.

joshzoolian
What about if I don't want JWT tokens? Just like the old way, which is using opaque tokens, is it possible? Especially if the auth server and resource server are in one project? Hope you can have a demo.

alxdm
Rename ProviderSettings -> AuthorizationServerSettings

ngocanha
I'm a beginner, I'm not really sure as to how that code_challenge was generated, can someone explain it?

nihmathaafiya
Help. It is stateful, isn't it?? Because no sessionCreationPolicy configuration written. like

ridhopratama
Hi. Can I use a jjwt implementation instead of Nimbus JWT?

rahmonaliyoqubov
Does JWT need to be stored on the server?

yuyeyang
I love this presentation! How do I get the code and files from your presentation?

陈俏锋
Please, can someone help me with the "code_challenge"? I need to generate a SHA256 from any string like "anything" and in "code_verifier" I send "anything"?

fredzouza
How does the resource server know this token is from the authorization server? At minute 7:36 the diagram misses this point.

mohamedibrahim
Can we have multiple authentication managers configured for different purposes? If yes, then how?

mayankgupta
At the POST request I'll always get {"error":"invalid_client"}. Stack Overflow and GitHub show solutions, but only for version 0.2.. Has someone an idea?

csvxmlfan
If I am going to use Redis to store token data, how do I create a filter that will fetch the token first from Redis before proceeding with the checking of JWT? I am planning to use Redis as a cache and PostgreSQL as the DB.

testingdave
I loved the part where he mentioned about Log4J XD

AnkitKumar-owfg
Is it possible and supported in current version to change formLogin to httpBasic?

sergeybayramov
Where is the code challenge being maintained in the spring backend to validate against the code verifier? If it is in memory, it will cause an issue every time the server is restarted. The authenticated public client might use the non-existent code verifier.

rakeshnukapeyyi
I am getting an error while using BCryptPasswordEncoder instead of NoOpPasswordEncoder. It says "Encoded password does not look like BCrypt".

sadiulhakim
Why am I getting this error?
Error creating bean with name 'securityFilterChainAs' defined in class path resource

sabbirtanvir