Implementing login with Facebook and Github from scratch - Java Brains
ฝัง
- เผยแพร่เมื่อ 5 ต.ค. 2024
- In this tutorial, we'll implement a Spring Security application from scratch and implement a login with Facebook / Github feature using OAuth SSO. You'll understand how OAuth can be used for authentication and some disadvantages of the approach.
Spring OAuth Guide: spring.io/guid...
Java Brains website: javabrains.io
#JavaBrains #BrainBytes #HowTo #SpringSecurity #Spring #SpringBoot #JWT #Java #Tutorial
Bravo!!! You're not only a developer, but also a teacher. I just completed your well-detailed spring security series. Thanks
It is always my first suggestion to my friends and colleagues who wants to learn spring hibernate is to watch Javabrains.
Everyone has knowledge but this guy has skill to deliver that knowledge so that anyone can easily understand. I am impressed with your teaching skill .Hope for your better scope.
Please continue micro services series
I always ask my friends to go to javabrains on youtube to learn spring security. I am sure you would agree with me sir that this series is incomplete without custom auth server and resource server tutorials. I watched various videos but nobody explains the way you do, Sir. I have been waiting for that for so long. Plz make videos on custom resource owner password grant flow, custom authorization code grant flow and custom client credentials grant flow.
I agree with you and am myself waiting for the videos on custom authorization server, resource server and OAuth implementation
Awesome .... Your notification make me working day in weekend
I liked the way you explain stuff, makes it so simple!
You are doing great job, Sir. It would be a great honor if you make a full project using spring boot, microservice, (e.g management system related).
Please make a video on websockets because I would rely on no other source than Java Brains :-)
Watch from 7th minute if you know what is oath otherwise don't skip he explained very well what is oath
It's pretty cool and simple way to authorize clients.. Thanks Khoushik sir 🙂🙏
I have went through all the Spring security videos and loved it. Please create new video on the Intermediate and Advanced series for Spring Security.
Thank you java brains for this series. the concepts were broken down so well making them easy to understand.
kaushik, you are the best. saw the complete series of 3 videos on OAuth 2.0 and I feel pretty confident now on how it works. Please keep making such videos. Proud of you!!
Thanks a lot for all these hard work. Waiting for openid connect next in this series
Thanks a lot sir.I'm searching your face behind your sound.But in this video i'm become so happy after seeing your face.I think genuine concept about Spring security will be complete by following your lectures. Great Job Sir.
You are very good at this. I hope it is rewarding, and not just in an emotional sense. Keep it up.
Hi Kaushik !! you are doing a great job, I gone thorough your videos related to Spring Security, and it was ultimate where you made my concept related to Authentication more clear by creating example with .. InMemory, Jdbc..etc. even before you made animation which was quite helpful to understand how AuthenticationManager works with different AuthenticationProvide Implementation.
Can you create few videos on AuthroizationServer in same way to get understand flow of accesstoken and its implementation, so that we can generate accesstoken/refreshtoken and validate users.
Getting better at speaking in front of the camera, man! Thanks for all the awesome tutorials!
@JavaBrains: Thank you for the nice tutorial. I have successfully implemented with the facebook authorization. I have also implemented with the github and authorization screen comes up but after that error happens.
After removing the propery "authenticationScheme: query". everything works fine.. :)
thanks bro, i had the same issue.
"Let's pick the latest version...it's GOOD ENOUGH" made smile ;)
Excellent and wonderful teaching style, soothing voice and superior explanation. Keep up your hard work, If possible start series on ONAP.
I really like the way you teach, following you since javascript for developer series!
I just wish you did more python videos, we need more pythonbrains
woh woh woh!!! you are great sir... watched all your videos from spring to spring boot to microservice to spring security.... oH ho!!! you are a great man.. thank you for sharing your great knowledge.. looking forward to learn more from you.. :)
I just love the way you teach
Love you Darling....You are a true legend who has super duper clarity on each topic.
A very nice explanation.
Recently I got a chance to visit Germany for Working purpose, I was happy as well as surprised to see that many people in Germany follow your tutorial.
But I was really sad to hear that, they are not able to pronounce your name correctly!!!!!!!
Thank you Kaushik .. it seems @EnableOAuth2Sso is deprecated, could you please update this tutorial accordingly.. thanks in advance.
hang on a sec 😂, I like the way you start this topic.. you are a great teacher 👍
Thank you so much sir for providing such kind of great content with clear concepts!
Man, awesome series about auth you have done!!
Could you please add a video on openid connect as spring has deprecated many of oauth classes
Koushik Sir, It takes a lot to research on and present it this with level of articulation. I have learned a lot from your videos. I was able to switch jobs because of you. Many congratulation and THANK YOU(Pls, Assume this thank you is written in bold and biggest font size ever :P)
too good, the specially the examples used and explained are very easy to understand
Thanks!!! It's really easy to understand and I could follow up to write running code! I hope you can make a video about how to setup an Oauth server
Hi .. this is excellent tutorial!!!!
Could you pls also create video on the Spring boot app +docker+kubernetes .
Great Content Sir.
I am however getting an error when i try to use @EnableOAuth2Sso with SecurityFilterChain instead of WebSecurityConfigurerAdapter (since this is deprecated) as the annotation is somehow invoking webSecurityConfigurerAdapter. the error is get is
"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one."
Can you please suggest a workaround for it?
TIA
Regards
Aabid
Great series for Spring security 👍 Thank you👍
I think the last part we can handle by making logout calls to the Authorization server so that the session handling is in sync with the client application
This is a great video.. I got a clear idea about OAuth. I have a request please make a spring boot authentication with Microsoft Entra ID with Azure API Gateway Management.
Thank you so much sir for an amazing series. Please also make videos on Payment gateways with spring boot.
how will we map custom roles/permissions that spring app would require after authentication e.g to allow certain features only to specific type of users
thanks for the video sir, awaited playlist
Great content and clear explanation on each topic... thanks a lot!
Please cover micro services in more detail. Nice video while going for an interview
You are outstanding kaushik...
Hello Koushik! I love your classes, could you make a video about oauth2, implementing a resource and authorization server with spring?
Your content is gold thank you sir
Hi Kaushik, please add more tutorials for authentication in micro services using open id connect
Nice explanation.. please upload SAML authentication also
Nice Oauth overview but as you might have noticed OAuth2 is also available for spring security what major differences can you tell there are with OAuth and OAuth2. Why did you go with Oauth instead of OAuth2. Thanks again :)
It appears that the maven dependency is deprecated (at least the annotation for SSO)
What to do then?
@@amritnalam9994 github.com/sreddyiitr/spring-oauth2-authentication. I followed spring.io/guides/tutorials/spring-boot-oauth2 to write it
Because of deprecated spring-boot-security, there is a new spring-security (5.0+) version. But no idea, how to implement it there. If someone has an idea, please contact me.
Simply..... WoW !
Please add a tutorial for openID connect and saml
Such an easy explanation !
Man... I am preparing for a senior interview and this is just part I am trying to cover.... Because your way of teaching twist in the climax of videos...ending up continue watching...lol...
Heyy Kaushik !! one more request, if possible can you create series on SpringTransaction. I didn't find any well explained tuto video on youtube related to SpringTransaction.
Great video! I have a question: does every person using this application has to beforehand go into their facebook account and allow this application? How can this be used by customers of the product?
Please make a video for JWT Enhance in this series.
Thank you for the tutorials. Great analysis.
Could you please share the github repo for this ?
I was more curious to see how you persist the token for micro service inter communication. Who maintains the timeout, do client/micro service probe to authentication service for validity of the token when the intercommunication between the micro service happens.
this is exactly i was looking for. thanks
Please add a video on Open ID connection for authentication and alos using Postman for sending HTTP requests
Thanks Koushik. Anyone facing
below ?
.UserRedirectRequiredException: A redirect is required to get the users approval
I'm facing this issue too. Found a solution?
use
org.springframework.security
spring-security-oauth2-client
Hi kaushik,
U didn't tell how to create a GitHub app and I m little confused with the same. Could you please help me
Can you explain the process of saving an OAuth2 user along with a normal user in a database?
Awesome series, I am a better developer now.
Hi Kaushik, Could you please include the best way to initialize the DB parameters and DB pooling in Springboot?
Please make tutorial how to set up few logging providers in one app (for example google and facebook). And if possibly how to bind it with custom user database in REST environment.
Hi Koushik, May you please show the steps of creating a GitHub App for OAuth access? I am struggling with it. Or redirect me to where I can find so.
Isn't that what I explained in this video? Is there anything else specific you are looking for? If so, I recommend yo check out the Spring OAuth guide link in the description. It is very detailed, and covers a lot about this
@@Java.Brains Ah yes indeed. It are the steps with creating an app in GitHub through GitHub developers tool just like Facebook developers tool that I was confused with.
pls make a tutorial also about using kafka in springboot
The type EnableOAuth2Sso is deprecated :(
What to do then?
@@amritnalam9994 Add http.authorizeRequests().oauth2Login() in your WebSecurityConfigurerAdapter to enable login with oauth2.
Please make a video explaining feign!!
if one goes to tutorial at Spring.io, he will find that the yaml looks like:
spring:
security:
oauth2:
client:
registration:
github:
so it has two more lines not present in Koushik's tutorial:
registration:
github:
I wonder if we have to constantly check if the Spring configuration has changed, otherwise our app will get broken
Please help
what if in my application let's say I am implementing the oauth using google for SIGN UP and when the user gets signup using the google auth and then the google auth will only give me the email id of the user then how I am going to implement the Authorization in my application like role based giving access to different users according to their roles.
Great tutorial ! Could you please elaborate on how to have multiple oauth resource servers in the same app(i.e both fb and github),and how to configure logout ?Why doesnt oauth have the usual default logout page ?
Let me know if you found any solutions . Im having the same question.
Please create a tutorial to show blacklisting of jwt token, maybe using redis cache or some database.
Koushik tech tips.... 😁
Great content
well done kaushik
Hi Kaushik, your tutorial series is just great. I have learnt a lot from your videos. Now I'm asking for a bit more. I don't know if its possible but looking for something where a think client java application ( swing, fx , or Eclipse RCP) can be integrated with google authentication. It's like a valid google user can login to an application installed on a PC ( Non Browser ...no Html/javascript) . I know it may sound a bit outdated but if you could provide me with some help . thanks
Thanks for the class, very informative, i have one query, where i can i find the code for this implementation. i am not clear what all the details client needs to store for subsequent request and where will one get that from in code. how to manage multi user use case.
big problem is .......how connect microservice oauth2-jwt with Angular ...??...!!!.....is i need to setup Client Id & Pass,Username&Pass in Angular app OR setup OAuth SSO in zuul....!!!
I recommend checking out the link in the description for Spring OAuth guides. It does a detailed job explaining these scenarios, and I don't plan to cover videos for all of them.
Can u pls explain these with the example of photo printing service and the flow you explained in the last tutorial...
Imagine that the Spring Security app we are building in this video *is* the photo printing service and we are authenticating against Facebook. This is pretty much the same flow with different services, although they all have their own way of creating and registering an application.
Hi kaushik, can u do the same for LinkedIn and Apple sign in
good series, thank you
Hi Kaushik, Thanks for the wonderful video on Oauth. I have a question -
1. If I want to set up some sort of scopes/ role based access to my APIs. Say for ex - I have 2 group of APIs - /manager/** and /employee/**, How/Where would I set the scopes for the user so that when he logs in via Oauth2, he can be provided limited access to the backend APIs ?
You are referring to the OAuth client flow. This flow explained in this tutorial just gets the user's profile information. Because all we need is to confirm an active login to authenticate, and we aren't accessing APIs for any other purpose. Short answer - that's a different flow and use case
@@Java.Brains Hi, no I am referring to the Authorization Code Grant flow, where the user after successful login gets his role (defined earlier) embedded in the access token. This assignment of role usually takes place in the IDP before the login process. And based on this role, the access to API can be controlled. Does Social Login using Facebook/Google etc. provide configuring this Role on their side or do I need to maintain this role information in local database for each user authenticated by Social Login ?
Also, correct me if I am wrong, isn't Client credentials flow is what used between services ? Example Service A trying to access resources from Service B, would instead request an access token from OAuth Authorization server and then use that token for access to Service B ? AFAIK client credentials flow is applicable for scenarios where user interaction is not required. Ref - oauth.net/2/grant-types/
Hi there, nice tutorial!!!
Question, how do I make a call from the Postman Application? Use the Basic Authentication with username and password?
Do I get a token back? if yes, how do I use that token with Postman?
thx, Markus.
How exactly to handle clientSecret? Should we put it in a db instead of a properties file? Or are there more secure ways to store them?
Waiting for next videos kaushik.
Hi, let's say I have own jwt authentication login system already and I want to add this login with Facebook as well. How can I do that
Did you find the answer? I have the same question)
Please add a video on OpenID Connect 2.0
Thank you Koushik
I keep getting this error: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval. Not able to get past it.
Tried putting in contextfilter, then got the error: java.lang.IllegalArgumentException: [Not a URI because there is no client] is not a valid HTTP URL.
Any idea how to solve this?
me too
try to use the same version of oauth for this tutorial, 2.1.8.RELEASE
use this
org.springframework.security
spring-security-oauth2-client
I tried using spring-security-oauth2-autoconfigure version 2.2.4 dependency. @EnableOAuth2Sso is deprecated. Or is it compulsory to use v2.1.8?
Same issue here and also getting "Missing tokenInfoUri and userInfoUri and there is no JWT verifier key" while starting up the application. Did you make some changes to the application.yml file?
@@utkarshgupta8061 I have the same problem. Did you find by any chance a solution?
@@oleglitovka2286 Nope, I didn't.
@@utkarshgupta8061 Because of deprecated spring-boot-security, there is a new spring-security (5.0+) version. But no idea, how to implement it there. If someone has an idea, please contact me.
@EnableOAuth2Sso is deprecated now.
@EnableOAuth2Sso is deprecated
great video , but how to integrate this functionality with angular ?
OAuth itself is used for authorization. If Oauth is used for authentication like this, is it equivalent to SSO?
This Is OAuth or OAuth2?