Such a great video. Thank you! A lot of people would like to see how to implement oauth2 with a logic jwt, once you singed in with a google, front get the jwt token and invoke any methods with the jwt token. That is means logic with the jwt token will be not changed, but we added google oauth2. None of youtube videos about this issue…
Awesome video on OAuth 2.0 implementation using social logins. I never thought that this would be so much easier, but I think you made it easy to understand for beginners to experienced and seniors as well. Your contribution is very much valuable and I hope you get more and more support in terms of Subscription + likes + shares + comments.
Thank you so much, i've learned a lot from you, may the Almighty reward you ! The next thing i would like to learn from you is microservice and ci/cd approach.
Dear, I have gone through so many videos from paid courses as well but really didn't see any such tutorial. You really explained and demonstrated so easily. Salute to you. Keep it up. Thank you so much for such informative video.
@@BoualiAli In this session you explained very clearly and in depth about the oauth2 concepts and with an example of social login providers like google, facebook and github. What we are asking is, implemention of oauth2 using spring security without any external providers. At the high level 1. One spring boot application (Act as a authorization server) - This application is responsible for validating the user credentials, generating the token (JWT or JDBC) and validating the token. Hence user details needed to be stored in our database not in third party providers. 2. Another spring boot application (Act as a resource server) - This application may contains both secured and public endpoints. if user try to access the secured endpoints the request must be validated by our Authorization server application (We are sending the token as bearer in header). If a particular request is valid then we can access the secured endpoints otherwise un authorized. Hope i answered your question...
When I creating app in google cloud, it asking redirect-uri. It should end with login/oauth2/code/google and for github it should end with login/oauth2/code/github
@@BoualiAli yes, also google server send a token to this uri. And for normal recieve this token by spring ouath2 module, it should come exactly to the login/oauth2/code/google uri
Great video, thank you so much. How about Android applications? Where should I make configuration of Oauth2 in this case? In android application or as you have shown in Rest API ?
🤩 Video is awesome. i have few questions. ✋ What if our application uses all type of Auth. Email Password, Google, Facebook and Apple? and we also want to use the JWT for client & server communication? ✋ What about the mobile apps front end side to authenticate, mobile apps have different behaviour in Apple Authentication? 🤌 Please make a video for these requirements. i really want to learn all of these.🤌
Thanks. There is one more fantastic tutorial. Get a clear-cut idea of how it works flow-wise and implementation-wise. Can you help or provide some idea how to implement social media login with JWT
Nice video !! can you create a video about web security . a kind of road map or best practises a devloper can follow to make a safe application from different type of attacks
Hello @BoualiAli, I've been following your channel for while and i must say, you have one of the best springboot content on TH-cam. Well done. That being said, I have a question and I'd really appreciate your prompt response. How do I implement OAuth (in my case, Google and Facebook) together with traditional user login (username and password authentication)?
I must say Awesome and you cleared all my problems you deserve the all likes ,subscriptions and shares and reach the great heights in the future so coming to the point will you explain how to stay update of the technologies and for every 6 months spring team changing the methods and a lot so my question is how are you able to stay update with that if you don't mind will you explain this please brother
Quick question: My app uses the /register route for registering users and requires following fields: name; dob; email; password; weight; goal; In one of your other videos You have for the /register fields only email and password. How would the registering with google work, if I need not only email and password information, but also other information about the user and stroing that in a database
Nice video. But what if I have a custom token using Auth0, and I want to limit or bind oauth2 login page response to only a specific endpoint? I tried something like that using Spring Security 6.3.0, and I couldn't figure it out yet. /login to my custom JWT and /OAuth2 to be the receptor of the Google login page. When I used oauth2Login, the login page responds even in non-existent endpoints
wonderful video. Best teacher for spring boot. @Bouali Ali could you please make video for gateway + authentication-service(jwt) + other+services. means the user will ask other services through gateway. but gateway will allow or block the request by valider the token from authentication-service i use RestTemplate inside gateway to request authentication-service, but it does not work.
Hi @Bouali Ali, this video is so informative and well explained each and every step, Thank you for making this video. Could you please make a video where linkedin and twitter used as social login platform instead of github and google that can be very useful for us. Please make a video on this topic, request from your subscriber
when i using google provider. why does it show me "[invalid_id_token] An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims: {iat=date}" ?
I liked the video and the explanation. Question: How can we control the user wether he's authorized to get ressource or not using the social auth. providers (school case: admin has full access and normal user have standard access) ? Thanks for responding.
This role base auth, You can save the user info locally and based on that you can assign him a role. You can also use your own oauth 2 server like keycloack and there you can assign roles
I have doubt like here like, whats the resource server in this? 1. Spring Boot Application 2. google/github resorces server. For OAuth usually the providers have the resources and these are authorized by the users so that the client application can access. Can you help me out?
Great video Ali. But I don't understand something, we say that resource server is our backend app, the client (the one who wants access to the resource uri) is the browser, and authorization server is GitHub. But what exactly is the role of the application we created in github? Why we had to create this app and what is the relation with this app and our spring boot backend app? Also I didn't quite catch the clientId- secretId role. Thanks
I have to add this in my existing project , so when I add the dependency for oauth resource server in my Pom file it shows not found. Can you tell me how can I add ?
Thanks always for your easy to understand videos. Quick question: I already have the jwt token authentication where a user signs up and the details are stored on my database, now i want to include the oauth2 authentication, where the user has an option to click on a sign in from google button. Would these two auth mechanisms be configured in thesame bean or they would have seperate beans for each? Also can I read the info of the user from google and save on my db? thanks in anticipation.
Thank you for sharing. I have som questions: after I login by gmail successfully, How can I use the credentials to access other services in microservices? Do I need create new access token to return to frontend? how to generate access token after login successfully?
Is it possible to build a service to support multiple external authorization services and then the service itself acts as an authorization service so that there is always only one auth server for the multiple oAuth clients?
thanks a lot ! this was very helpful but I have a couple of question, how can you use a custom login form for OAuth2 and how can you combine OAuth2 and JWT mechanism ? Thanks a lot in advance
How can i make so that a frontend application can access the authorized backend data? I.e we authorize through backend login but then show this data in our front end?
@@BoualiAli so for example I have a end point @3000 for front end and auth page @8000 local host I redirect and login. It gets authorized for me but not the front end point @3000 I'm not sure if I'm explaining it that great and there may be a gap in my knowledge but that's the issue I'm facing
Hello i have register login with jwt now i want to add also social login can i make the user login and generate for him jwt token after successful login? and in the db what do i save if i dont have password since social login doesnt require pw hope you help and thanks.
Hello sir, you're doing great, in the next video, could you guild us how to build our own Auth2 server in Spring, and every time a resource server receives a request, resource server will talk to Auth2 sever to check if token is valid.
Hello. Thanks for the video. I clone this project in my intellij and, with my google account, request loop on google oauth authentication and never give the controller answer "Hell OAuth2". It's a problem of ... something but what ? console app config ?.
The Oauth 2 is jwt based auth too. But the users are not stored on your side but on the auth provider side. I will create soon a video about keycloak and you will understand the oauth2 process much better
@BoualiAli Thank you for this great video. I want to ask that is there a way this can be used to the app itself(Like the JWT) without going to the third-party app like facebook or github? Please tell me how.
Thanks for this video. If its for the first time that client is visiting this endpoint and needs to have a user account, can we create a user account with OAuth2 login? And if so, how to do that?
The user should create an account on (Github, facebook, ...) and the use it. Your application should not really care about that. It is totally up to the client to do that
Personally, I don't consider VSC as the best IDE for Java development. The deprecations you see might be valid if you are using Spring boot 3.1 otherwise you can ignore them for the moment
is there any difference between making spring boot project on spring initializr website and doing that inside intellij? In intellij we can also use spring initializr
Hello Ali. Thanks for this video. But I have a question. I want to take google users info for example mail, name, surname etc. after this part. How can I do this?
![Spring boot 3.0 - Secure your API with JWT Token [2023]](http://i.ytimg.com/vi/BVdQ3iuovg0/mqdefault.jpg)
![Spring boot 3.0 - Secure your API with JWT Token [2023]](/img/tr.png)
Join the Micro Services course waiting list and get and get an exclusive *EARLY-BIRD discount*
aliboucoding.ck.page/d0f9317e13
i will buy your course if it using security for each service and using angular or reactjs for frontend
@BoualiAli could you please share the information of follow up video for custom Authorization
Wow, what an incredibly helpful video on Spring Boot! 🌱👍 I really appreciate the clear explanations and step-by-step instructions provided.
Thank you Ali I really appreciate you very much, stay blessed and God help you in all your endeavors. To find ones withh such a heart is rare
Thank you so much brother
JZK ❤️❤️
Such a great video. Thank you! A lot of people would like to see how to implement oauth2 with a logic jwt, once you singed in with a google, front get the jwt token and invoke any methods with the jwt token. That is means logic with the jwt token will be not changed, but we added google oauth2. None of youtube videos about this issue…
I really have this video idea on my todo list. it is just a matter of time and it will be done ASAP
@@BoualiAli Any update regarding this topic so far? Would be intersting to see it in combination with angular.
Awesome video on OAuth 2.0 implementation using social logins. I never thought that this would be so much easier, but I think you made it easy to understand for beginners to experienced and seniors as well. Your contribution is very much valuable and I hope you get more and more support in terms of Subscription + likes + shares + comments.
Great to hear!
Great Video. It would be cool to see how the workflow looks when it is combined with a usual JWT Token authenticated with credentials.
Working on it already
@@BoualiAli Btw. what is the theme you are using?
@@zabialy2919 it is the default theme of the new version of intellij
Thank you so much, i've learned a lot from you, may the Almighty reward you !
The next thing i would like to learn from you is microservice and ci/cd approach.
I’m preparing a good thing about microservices
Just still need some time to make it done ✅
you are really awesome..Thank you for this valuable session..
Glad you think so!
Thanks buddy and i like how your doing real solutions example which someone can apply to their personal project Next maybe we should host this app now
Really happy you liked it
@@BoualiAli when can we expect the combined oauth and jwt authentication??
this video is so simply for every one to understand..can you make more videos on this?
Really happy you liked it
Sure I will
Thank you. Very userful for beginners.
Happy you liked it
Dear, I have gone through so many videos from paid courses as well but really didn't see any such tutorial. You really explained and demonstrated so easily. Salute to you. Keep it up.
Thank you so much for such informative video.
I really appreciate and like your comment and feedback
Glad it was helpful!
I hit like before I even watched it .......knew it was gonna be great , and it was !!
Best comment ever.
You just made my day. Thanks a lot bro
9:41 amazing diagram to understand.
Great content, can you please guide us on using JWT oauth2 in the combination of Authorisation server and resource server
This is what the video is about.authorization and resource server.
Can you explain more?
exactly
@@BoualiAli In this session you explained very clearly and in depth about the oauth2 concepts and with an example of social login providers like google, facebook and github. What we are asking is, implemention of oauth2 using spring security without any external providers. At the high level
1. One spring boot application (Act as a authorization server) - This application is responsible for validating the user credentials, generating the token (JWT or JDBC) and validating the token. Hence user details needed to be stored in our database not in third party providers.
2. Another spring boot application (Act as a resource server) - This application may contains both secured and public endpoints. if user try to access the secured endpoints the request must be validated by our Authorization server application (We are sending the token as bearer in header). If a particular request is valid then we can access the secured endpoints otherwise un authorized. Hope i answered your question...
@@vageeshanvageesh5583 now it’s clear
I will take note of that and prepare a course about it
@@BoualiAli Thank you so much man, Im trying to implement this from past months but no luck, If you have some time please guide us on this.
COUPON Code: *EARLYBIRD20* => Spring Data J PA course: aliboucoding.com/p/the-full-guide-to-master-spring-boot-data-jpa
When I creating app in google cloud, it asking redirect-uri. It should end with login/oauth2/code/google and for github it should end with login/oauth2/code/github
The redirect URI is where do you want to be redirected after a successfull login
@@BoualiAli yes, also google server send a token to this uri. And for normal recieve this token by spring ouath2 module, it should come exactly to the login/oauth2/code/google uri
Thank you so much for this video.
You are great teacher.
Excellent video! Thank you!
Glad you liked it!
Excellent explanation 🙌🏻 Keep videos like this coming 🙌🏻
Absolutely
Thank you for the feedback
zo'r chiqibti👍👍👍👍
Thanks a lot boss. Your courses are really helpfull to me.
Thanks
Really happy to know that
Well explained. Thank you Ali
Really happy you liked it
Great video, thank you so much. How about Android applications? Where should I make configuration of Oauth2 in this case? In android application or as you have shown in Rest API ?
🤩 Video is awesome. i have few questions.
✋ What if our application uses all type of Auth. Email Password, Google, Facebook and Apple? and we also want to use the JWT for client & server communication?
✋ What about the mobile apps front end side to authenticate, mobile apps have different behaviour in Apple Authentication?
🤌 Please make a video for these requirements. i really want to learn all of these.🤌
I already planned this video but I just can't find enough time to do it.
But I will so soon
really appreciate your support sir, please make a vedio for login form with latest version of spring boot + jwt security+angular ui.. thanku
Already uploaded
Thank you So much , Like before watching
So nice of you
Hey Bouali, you are really doing a great work here.
Thanks a lot
Great content aloulou, thank you so much bro
Ny pleasure bro
Thanks. There is one more fantastic tutorial. Get a clear-cut idea of how it works flow-wise and implementation-wise. Can you help or provide some idea how to implement social media login with JWT
I will try to cover it ASAP
Thanks for sharing Ali
My pleasure
Thank you so much for this video
You're so welcome!
Nice video !! can you create a video about web security . a kind of road map or best practises a devloper can follow to make a safe application from different type of attacks
I will create soon a video about software quality and best practices. I will also consider a video about security
Linking the link in the description lol Thanks Alibou..
Happy you liked it!
Hello @BoualiAli, I've been following your channel for while and i must say, you have one of the best springboot content on TH-cam. Well done. That being said, I have a question and I'd really appreciate your prompt response. How do I implement OAuth (in my case, Google and Facebook) together with traditional user login (username and password authentication)?
Thanks, will do!
thank you so muchh
Thank you for explanation
My pleasure
Thanks for the video.
Do you have any plans to make video about using both jwt token authentication and identity provider (oauth2) together ?
keycloak video is coming next week
I must say Awesome and you cleared all my problems you deserve the all likes ,subscriptions and shares and reach the great heights in the future so coming to the point will you explain how to stay update of the technologies and for every 6 months spring team changing the methods and a lot so my question is how are you able to stay update with that if you don't mind will you explain this please brother
I really appreciate the feedback
Thanks a lot, you are really inspiring and motivating me with your sharing and guidance.
Thanks a lot bro.
You’re my motivation
Quick question:
My app uses the /register route for registering users and requires following fields:
name;
dob;
email;
password;
weight;
goal;
In one of your other videos You have for the /register fields only email and password.
How would the registering with google work, if I need not only email and password information, but also other information about the user and stroing that in a database
You request them as scopes and you will receive them in the token
Great job 👍👍
Happy you liked it
Nice video. But what if I have a custom token using Auth0, and I want to limit or bind oauth2 login page response to only a specific endpoint?
I tried something like that using Spring Security 6.3.0, and I couldn't figure it out yet.
/login to my custom JWT and /OAuth2 to be the receptor of the Google login page.
When I used oauth2Login, the login page responds even in non-existent endpoints
Hi ali , appreciate your support .. can you update the method for the new spring security and adding it for jwt security ?
Thank you
Updated
@@BoualiAli
In which video please ?😅
@@kareemmosafi2117 check the spring security playlist
great content
Subscribed -:) awesome content
Happy to have you here 😁
wonderful video. Best teacher for spring boot. @Bouali Ali could you please make video for gateway + authentication-service(jwt) + other+services.
means the user will ask other services through gateway.
but gateway will allow or block the request by valider the token from authentication-service
i use RestTemplate inside gateway to request authentication-service, but it does not work.
I will publish a video like that soon
@@BoualiAli t'est le meilleur
how can i add this to my current custom register login with jwt ! and what do i save in the db if i dont have pw for the user
better use keycloak.
check the video in my channel.
I will release a new one how to integrate it with spring boot and angular
Thanks for the video it helped a lot .A question how can one customize the sign in page and thanks
Wait for the Keycloak video and you will never use another tool
@BoualiAli where is the follow up video for custom Application authentication using springBoot?
check the book social network playlist
Thank you
You're welcome
Good content
Really happy you liked it
Great Content 📈
Thanks bro
Hi @Bouali Ali, this video is so informative and well explained each and every step, Thank you for making this video. Could you please make a video where linkedin and twitter used as social login platform instead of github and google that can be very useful for us. Please make a video on this topic, request from your subscriber
Really happy you liked it
Already preparing the content
@@BoualiAli sound awesome ❤️
Nice one... Can you please create video on sign up with apple
It is the same concept
Good job.
Thanks bro
Perfect video
Thank you!
Thank you Ali for neat explanation.
Your intellij setup is looking good, may I know which theme and icons pack are you using?
Thanks for the feedback.
This is new UI theme from the latest version of intellij
when i using google provider. why does it show me "[invalid_id_token] An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims: {iat=date}" ?
I liked the video and the explanation.
Question: How can we control the user wether he's authorized to get ressource or not using the social auth. providers (school case: admin has full access and normal user have standard access) ?
Thanks for responding.
This role base auth,
You can save the user info locally and based on that you can assign him a role.
You can also use your own oauth 2 server like keycloack and there you can assign roles
Thank you very much! Is it possible to make a video for setting up Signle Sign On auth server (SSO) with social login?
Soon
I have doubt like here like,
whats the resource server in this?
1. Spring Boot Application
2. google/github resorces server.
For OAuth usually the providers have the resources and these are authorized by the users so that the client application can access.
Can you help me out?
Very nice video. But what if you have for example react app on frontend/client that has regular form login with also social login.
This is the next Oauth 2.0 video
How to implement fullstack login
@@BoualiAli looking forward to it!
@@BoualiAli Also looking forward to that!
You are great.
Thank youu 🙏
Could you please show different ways of applying or using of "rememberMe" in spring boot 3 (spring security 6)?
I will make a video for that
Great video Ali. But I don't understand something, we say that resource server is our backend app, the client (the one who wants access to the resource uri) is the browser, and authorization server is GitHub. But what exactly is the role of the application we created in github? Why we had to create this app and what is the relation with this app and our spring boot backend app? Also I didn't quite catch the clientId- secretId role. Thanks
in order to be able to use Github as an ID provider
thank you!!
welcome
I have to add this in my existing project , so when I add the dependency for oauth resource server in my Pom file it shows not found. Can you tell me how can I add ?
Thanks always for your easy to understand videos.
Quick question: I already have the jwt token authentication where a user signs up and the details are stored on my database, now i want to include the oauth2 authentication, where the user has an option to click on a sign in from google button. Would these two auth mechanisms be configured in thesame bean or they would have seperate beans for each? Also can I read the info of the user from google and save on my db?
thanks in anticipation.
You can have them both together.
I’m working on a course that covers this two options with an angular frontend
@@BoualiAli thanks a lot for responding. awaiting the course.
@@BoualiAli would love to see this in Angular implementation too.
Thank you for sharing. I have som questions: after I login by gmail successfully, How can I use the credentials to access other services in microservices? Do I need create new access token to return to frontend? how to generate access token after login successfully?
Elegancko
Happy you liked it
i cant use the .Oauth2Login() in the security filter. please is there a new way to use Oauth in spring?
check today's video for a detailed answer
Proud of you brother ;)
Thank you so much brother. Happy to know that you still check on me
Is it possible to build a service to support multiple external authorization services and then the service itself acts as an authorization service so that there is always only one auth server for the multiple oAuth clients?
Please do a .video on Spring Security and Azure SSO.
I will try to
Where are you creating the front end page in this one,can you please explain it
That page is automatically generated by spring
Amazing sir, i follow your video about spring security. How can i add the capability login social media to Spring security with jwt before?
I will publish it soon
@@BoualiAli thank you sir. I wait your video
I can't integrate OAuth2 in a Rest api secured with JWT.
Naxt: Please make a video on If someone register in our app using social account then how that user details will be stored in our database.
Coming soon
thanks a lot ! this was very helpful but I have a couple of question, how can you use a custom login form for OAuth2 and how can you combine OAuth2 and JWT mechanism ? Thanks a lot in advance
Coming soon
How can i make so that a frontend application can access the authorized backend data? I.e we authorize through backend login but then show this data in our front end?
Just redirect the frontend to the login url
@@BoualiAli so for example I have a end point @3000 for front end and auth page @8000 local host I redirect and login. It gets authorized for me but not the front end point @3000 I'm not sure if I'm explaining it that great and there may be a gap in my knowledge but that's the issue I'm facing
Can you add logout feature (say from react by using fetch)
soon
Question : at 29:00 , why you choose desktop app and not web application ?
we app is M2M
Hello i have register login with jwt now i want to add also social login can i make the user login and generate for him jwt token after successful login? and in the db what do i save if i dont have password since social login doesnt require pw hope you help and thanks.
Great tutorial, what about open id connect? how to do authentication?
I need to try that first and then I will let you know
please create a video on OAuth 2.0 using Azure active directory using Graph API
Will try to
how to configure our own oauth (other than Google, Github, Facebook)? Did you make a video about that? thanks
I will create one about keycloack soon
Hello sir, you're doing great, in the next video, could you guild us how to build our own Auth2 server in Spring, and every time a resource server receives a request, resource server will talk to Auth2 sever to check if token is valid.
Happy you liked it
I will for sure
Hello. Thanks for the video. I clone this project in my intellij and, with my google account, request loop on google oauth authentication and never give the controller answer "Hell OAuth2". It's a problem of ... something but what ? console app config ?.
did you change the credentials?
@@BoualiAli Sorry do not answer before. I must have made a mistake but I don't know what mistake. I started from scratch and it worked.
excellent as always !
can we use DaoAuthenticationProvider with Oauth 2 ? i mean 2 types of authentication
The Oauth 2 is jwt based auth too. But the users are not stored on your side but on the auth provider side.
I will create soon a video about keycloak and you will understand the oauth2 process much better
@BoualiAli Thank you for this great video. I want to ask that is there a way this can be used to the app itself(Like the JWT) without going to the third-party app like facebook or github? Please tell me how.
If I correctly understood you question, YES it is possible but you need to implement your own Auth server / resource server
Hi, can you provide any solution to integrate OAuth2.0 with existing JWT?
Thanks for this video. If its for the first time that client is visiting this endpoint and needs to have a user account, can we create a user account with OAuth2 login? And if so, how to do that?
The user should create an account on (Github, facebook, ...) and the use it.
Your application should not really care about that. It is totally up to the client to do that
Vscode is saying basically everything in SecurityConfig is deprecated
Personally, I don't consider VSC as the best IDE for Java development.
The deprecations you see might be valid if you are using Spring boot 3.1 otherwise you can ignore them for the moment
is there any difference between making spring boot project on spring initializr website and doing that inside intellij? In intellij we can also use spring initializr
No difference. Both are calling the same API
When can we expect a video with both OAuth2 and JWT Token? I'm stuck with this part and I can't seem to find a way to solve it
I will try to record it ASAP
@@BoualiAli Thank you for your time! Can't wait!
Currently I'm using spring boot 2 version, Is this tutorial applicable for me?
Yes
can someone tell me how to authenticate this using frontend as react I am unable to do this with frontend someone please help me finding solution
Wait for the keycloak video coming next week
Hello Ali. Thanks for this video. But I have a question. I want to take google users info for example mail, name, surname etc. after this part. How can I do this?
I'm already working on it.
It will be released really soon