Nobel Prize-winning physicist, Richard Feynman had once said: “You know you have mastered a skill, when you can teach it to a child”. Why? Because it forces yourself to understand the concept at a deeper level and simplify relationships and connections between ideas. Great Job Koushik! Thanks.
I just don't understand why some people would thumb down on this tutorial. In fact, all the tutorials from this channel are excellent. I learned a lot from them
I can't believe anyone would give this a thumbs up! Are you the author's cousin or something?
@tombaxter2879 You mean he's got 4771 cousins or something? If you don't like this channel, show us yours.
@phuang3 Relax. This particular video was bad, it doesn't mean the whole channel was bad.
Whose rule is it that says you can't comment on the quality of a video unless you, yourself have your own channel?
Grow up.
because they are history student came here to learn computer science
Some people don't like his accent sadly.
*Timestamps*
0:00 Intro
1:34 Term 1: Resource
2:24 Term 2: Resource Owner
3:14 Term 3: Resource Server
3:52 Term 4: Client
5:00 Who has the burden of security? (Ans: Resource Server)
6:51 Term 5: Authorization Server
7:54 OAuth Flow 1: *Authorization Code Flow*
14:09 OAuth Flow 2: *Implicit Flow*
15:50 Drawback of Implicit Flow
18:30 OAuth for authorization between services
19:24 OAuth Flow 3: *Client Credentials Flow* (for microservices)
22:20 Wrap-up
This is so appreciated 👍👏🤝🙏
23:10 Go rule the world
@Beau Ace Another bot comment "Joined Mar 6, 2021" reporting this account
How different it is from SAML
you all probably don't give a shit but does any of you know of a tool to log back into an Instagram account..?
I somehow forgot my password. I would love any assistance you can give me.
The tutorial is too good to having clearer view on Oauth flows. Hats off to the author
Hands down the best style of introducing technical material, that I have ever seen. Your videos are so easy to follow. I'm glad you start with concepts and examples, before going into the jargon.
It's absolutely a great video where I can fully visualize the working of OAuth 2.0..
Thanks a lot. Please do great videos like this thousands time.
Thank you!!!! I never know what "client" site means until now. There are so many things on the internet, and unfortunately people just assume it's common knowledge and don't bother explain them, which makes the process so much harder and frustrating. Thank you for taking the time
Client in any concept is the service(person, program, computer, platform) that requests something from some distributed remote server.
Accidentally found one video by Java Brains, and this is my fifth video back to back, so addictive (things I understood in the past with partial knowledge and getting confused time and again, explained to me here like a baby). I have seen many videos but no one explained like you did. Thanks a ton. Please put a link where viewers can make some donations if they are happy. I would love to do that
Amazing explanation. Hope my son in college gets a "resource" (professor) like you. God Bless You
He made this so simple. He knows the art of teaching.
I must thank you for making me understand it in a better, simplified way. Your deep understanding on the topic is adorable. Once, again thank you
You are the best java channel out there! great job!
Your style of explanation / teaching is really top-notch! Great work
Always... best tutorials from Java Brains.
Wow ...trust me I have seen 10+ videos on this topic on YouTube. But the way you are explaining... someone who is from commerce or arts background also will understand everything..😛
Thanks Kaushik, this series on OAuth2 is amazing
dhur hala
Thanks! I'm from Belarus and sometimes it's too hard to parse bad pronunciation, but yours is very clear. Very useful explanation, one of the best learning channels!
You are a master of many concepts which many people want to learn. Kudos to you Kaushik.
Man, you have a gift for clearly explaining things, thank you very much for theses great videos.
Very well explained. One of the best videos that explains OAuth
Thanks for making it simple to understand the big concept .
Thank you for your great efforts . you are the best to simplify such complex concepts
You are a lifeSaver Man. Thank You so Much Sir.
Very good and crystal clear explanation with good analogy. Thanks for sharing this core concept
This is an awesome explanation. It just had what I wanted to clarify.... Thbskd watching this video. thanks and kudos to you sir
Great stuff man You helped clear my interview. Got the offer from company 🔥
Respect for making such a video ! Superb skill of teaching.
Excellent explanation in details..!! Thank you..:)
Thanks Koushik. Got to learn more about OAuth in meaningful and useful way. Please keep teaching more.
Explained very well. Thank you for clearing this concept
Great job, with you its easy to understand !
You made this topic very easy to understand.. nice 👌
Loved your awesome explanation!!
Great explanation! Thank you dudee✨
Nicely explained. Just one point to add..the exchange of token in authorization flow happens from a server to a token end point. The call is not from browser.
I think this is one of the best explanations so far. Is there a similar video on SAML and OIDC flow on your channel?
Very nice introduction sir. I love your teachings. It helps me so much in understanding complex concepts which seems very difficult to me before.
Sir, as honest request, can you please teach the implementation (demo) on the three flows you mentioned in this tutorial. Please sir👏
And thanks so much for these lessons.
Thank you very much again for this clean explanation. I appreciate you very much.
wow...very good explanations...i really enjoyed your teaching style!!..Thanks for making such a good efforts!
it will be great if you start a series on SOLID and Design Pattern in Java/any oops language. I know there are lots of material out there on internet related to these but I believe your way of teaching style will help out lots of ppl. and if you do please try to make each SOLID principle example not related to each topic. Thanks
awesome tutorial !!! It got a great understanding on this topic and it clarifies my doubts too. thank you.
Excellent explanation, before this video series, I was always afraid of Spring Security. Many thanks
Thanks Kaushik. Amazing video with the right set of analogies used at the right place. Kudos. 👍
Your videos are a blessing! Thank you!
Brilliant explanation 💯💯
You are amazing bro. Thank you for everything
great respect, It is an easy to start tutorial.
best explanation of oauth. thank you very much
very nice video. Doubts are cleared. Subscribed and liked. 👍
Love the explanation and teaching
This is a great tutorial. Thanks
The idea of picturizing the concepts and telling a story to explain the concepts is extremely helpful and captivating sir! Thanks a lot! I derive immense sense of satisfaction on viewing your videos. Any such videos on docker and kubernetes please?
Great job. Thanks a lot for making this video.
Amazing presentation skills 👍
Superb Koushik. Really helpful. Thanks again.
Love the way the topic is presented!
I really loved it... the way you explained and it is clear and emphasizing examples !!!
Awesome video, thanks !!
Can you also cover concept of challenge in OAuth, and how enterprise SSO works with OAuth.
Very well explained, thanks
Hi Kaushik. Thanks a lot for providing such great content. You are doing great service to the community.
Can you please release few videos on saml as well ? What is saml and how does it differ from oauth and how to implement it using spring boot .
Awesome Explanation !!
Crystal clean concepts as always :) Thanks Koushik!
Hey Guy
Finally found an Indian that makes sense :) Thank you! Subscribed.
Amazing lesson JB once AGAIN..great stuff!!
Thanks for the effort, very well explained.
You are a supreme teacher!
You, sir, are a legend.
very nice tutorial, thanks so much
Excellent tutorial!!
Superb explanation
You are the BEST!
Well explained. Thanks!
Wow, amazing explanation 🙏
Thanks very much 🥰.
Please make other videos about Spring Boot, very very very advanced
your tutorials are awesome ....
This explanation is amazing. Thanks!
best explanation for me
Excellent content! Kudos my friend
Thanks Kaushik for such a wonderful video very clearly explained like you always do.
I just wanted to know why implicit flow is less secured??
although in both kind of flows(authorization and implicit flow) client application has access token which can be used to access the protected resource from resource server.
Thanks Kaushik , was eagerly waiting for this video
Amazing explanation
great explanation
Thanks for this brilliant tutorial. I had question though why did Client send AUTH token back to the Authorization server to get that ACCESS token in Flow-1?
very well explained.
Java Brains, thank you very much for the excellent video. One question about Implicit Flow. You've mentioned that its drawback is that anyone can use the access token that the client received. Isn't it true for the Authorization Code Flow when anyone can get Authorization Token and then get an Access Token with it? From my point of view this is exactly the same problem, just the "dance" gets one step longer. And your point that in the first flow the client can get an access token in a more secure way is not convincing. Why not make the same level of security while getting an access token without sending the authorization one first?
Dude knows how to teach!
thanks brother, good tutorial
awesome tutorial
Great style to explain!
Example of Valet is awesome...
Thank you so much for explaining it so beautifully
Thank you very much for all the videos and well taught. Can you please post videos on Spring Security form validations like account locked and account expired. Thanks in advance
Great! Thanks
Awesome video as usual from Kaushik. One thing, I just want to clarify a point (21:45): Micro service 2 does not know how to validate an OAUTH token generated by the AUTH server, so it should call the AUTH server to check whether the access token provided by MS1 is valid or not; if valid, it will serve the purpose of the call. Please correct me if I'm wrong. Thank you.
The main point missed in 10:54 is that Auth token goes through the resource owner browser while Access token does not. So the resource owner never sees the access token in the Authorization code flow
Hello, Thank you for your great efforts,
could you please cover sso with active Directory and Apache server ?
Thanks. It was Brilliant
Kaushik: one small doubt, in the 3rd flow when MS-1 calls MS-2 with an access token, then MS-2 wouldn't validate the token with Auth Server? If it validates, then you didn't mention the arrow from MS-2 to Auth Server. Please explain, but in wording you are saying if MS-1 asks for payroll detail from MS-2 then MS-2 wouldn't give it because the access token sent by MS-1 is not applicable to get payroll detail. In short, the arrow is missing from MS-2 to Auth server. Another minute thing, just to verify: Auth server is also a MS to generate the access token - correct na?
Great Stuff. Thank you
Describing Oauth 3 base workflows is good.