Spring Security Fundamentals - Lesson 16 - The OAuth2 Client

In this stream, we discuss Spring Security using the latest available version in 2022. We'll discuss configurations for authentication and authorization, tips and tricks, how to learn Spring Security, vulnerabilities, OAuth 2, and many more.
Comments

Great Course..! Thank You
Laur Spilca

shajahankattoor

Hello Laur, I've been searching for a Spring Boot client example that implements the Authorization Code flow. I would appreciate it if you could share such an example the way you explained here.

TestUser-efsq

What does the proxy normally do? Is the pattern imagined as a ring that wraps around an object and intercepts all method calls and forwards them if necessary? 35:40

Sebastian-zscp

Thanks for the tutorial, and please make a video on OAuth2 token save; it was deprecated in the old version.

amitrathi-ness

Hello Laurentiu, I am sorry if I understood it incorrectly. The OAuth2 client doesn't require user details credentials, as we have only configured the client and it gives an access token. How?
Plus, my second doubt is: how would I integrate the OAuth2 client with an Angular or UI app, as it directly gives an access token?

kumargaurav

Hi Laur, I am working on a requirement which is more or less similar to the password grant type. We would have 3-4 clients which would have their own custom UI for login. The clients would forward the credentials to the central authorization server for authentication and receive tokens. The tokens should serve as an SSO mechanism between these clients. Can I use OAuth2 components for this seeing as the password grant type is deprecated, and I am not following the Authorization code flow? Or will I have to write my own custom JWT token implementation for this?

SiddharthGadekar-edsd

Hey Laur, how is the client registration repository supposed to work? Does it have to pull out the client information, like the scope, grant type, etc., from the database and pass it along to the auth server?

benacq

Hello Sir. Please, what is the difference, or maybe the parallel or nuance, between RegisteredClient and RegistrationClient, and between RegisteredClientRepository and RegistrationClientRepository?

lenigaussgauss

Hello Laurentiu, thank you for this lesson. Could you please share with us an example of a client with authorization code? Especially, I want to understand: should I make an OAuth2AuthorizeRequest? And I saw an example with an annotation, but what is very interesting is how it works (how to get the OAuth2AuthorizedClient object in a method, not through the annotation)?

nikolayveselov

Can you make the use of the authorization server coding and the diagram and match which part is doing what?

santoshtimilsina

Hi,
Can you explain a little how this works in the case of a microservice app, where we have more services and an API Gateway? It's not clear to me.
Do we get the token in the API Gateway and then just send it to the services?

Thank you

mihai.vlasceanu

Hi, by any chance, are you going to make a video on how to customize the approval/consent screen for OAuth?
Can't seem to find enough resources on that. Thank you.

benacq

Hello Sir, I have configured my client using axios in React JS.
When I send out requests to the authorization server from axios, the browser (Firefox/Edge) sends out an OPTION request first to check the CORS headers (pre-flight request).
The issue with this is that when I send a POST request to "/oauth2/token", the browser first sends a pre-flight request to "/oauth2/token", hence resetting my authorization code.
How can I DENY OPTION requests (pre-flight requests) to "/oauth2/token" sent by the browser, or prevent OPTION requests (pre-flight) from resetting the authorization code?

felixnjunge

If we need to communicate between 2 resource servers for data transfers, how do we achieve this? My question is: can a resource server also be a WebClient? I tried, but it gave an error that the WebClient cannot be created. I am using Spring Auth Server.

rajeevjayaram