Spring Security using OAuth2 in Spring Boot | Tech Primers

It would have been great if you had provided a detailed explanation on why some methods are overridden from Spring and the use of it with different options. However, this video is a great starting point to analyze further ourselves.

Great content; the best, simplified explanation of oAuth2 with Spring Boot I've come across. Keep up the good work!

Nice informative video. I liked the way it is explained and coded simultaneously. One thing is i observed is, some of the configurations used are deprecated in the latest spring boot 2.X or later. Users need to note that the example demonstrated is in SpringBoot 1.5.6, which should have been the latest one at that moment :)

A pretty superb tutorial from tech primers..
Hope this could be helpful for some people..
Something to mention:
For auth-server has some deprecated function for version 2 :
application property should be :
server.port=8081
server.servlet.context-path=/auth
and there is a need to make CustomSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter
to create bean function
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
because @Autowired authenticationManager is not being supported for th Spring version 2
while security.basic.enable=false already deprecated so we need to change things to disable http basic security by not using spring-security-starter..
For the client server:
We need to change deprecated extends WebMvcConfigurerAdapter to just implement the WebMvcConfigurer
Need to change application.yml configuration into:
server:
port: 8084
#for running behind proxy purpose
use-forward-headers: true
servlet:
context-path: /ui
session:
cookie:
path: UISESSION
Adios and amigos.

Nice video, good explanation, I have a question, can I implement OAuth2 authorization with code flow to call an API from another API?

hi , i want to know , do we need to use oauth2 if we want to login in our application through FB or other application credentials , or if we create our application where user needs to register and with those credential only need to login then alos we can use oauth2. Or just using jwt token we can achieve this without oauth2.Looking for your input

Hi Ajay,
Excellent explanation. Very well done.
May I ask one question. We can restrict API access inside a resource server based on Role. In your video you have mentioned that Auth Service can be from google and resource server can be on local machine. If validation happens at Google then how role will be assigned. Google role may not be relevant for our local resource server .
Thanks,
Vivek

Nice video bro..i have one doubt,you explained about Authorizing secure URL etc..and where is the concept of access token and authorization code and where we are generating those.Can you tell how to test this in POSTMAN without that client project?

Awesome Video. I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs.
1st I got the access_token from that Service.
Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemple should I use??? If there is any best approach please let me know.

Thank you for providing this

Nice Explanation Sir.....

how to implement authorization in swagger can you prepare that video please

hi techprimers... thanks a ton for this video....i didn't get one thing...why it worked after adding the /principal and why it didn't work prior to that....

Hi. Nice explanation. I have one question for you. I have my authorization server set up and running. I want to build open Id connect upon it. Can't we build a custom provider ourself without relying another party? Is there any good reference or sample available?

Very good tutorial..thank you so much. Could you please explain why was the oAuth extra dependency required?

It's very nice video thanks lot, can you please post video with JWT and with out form authentication of oauth2

Thanks Buddy for sharing your experience and knowledge...

Hi. Awesome video. But I am getting error while click on 'Login to OAuth here'. The error is

Full authentication is required to access this resource

unauthorized
Please help.

Thanks for the tutorial.
How can I perform this authentication to protect my REST API and test it from the POSTMAN?
How could I customize the login.html with css?
The ClientId, Secret, those come from somewhere or do I define them?

Thank you So much !!
is it the smae for client credentials grant type aswell ?

just wanted to understand if the Oauth authorization along with authentication that you have shown in your code - is it covering OIDC flow as well?

Resource server application is having protected resources which can be accessed only through access token and that token has to be issued through separate application that is authorization server.

Hi .. Thank you very much for this video ... this is very enlightning .... btw can you also show how to use this oAuth server using Postman (or any rest client) instead of a client app ... I am trying to do it but not able to see any responses in dev tools ..

Hey..great job...very informative....i was searching over the net to find an oauth2 with zuul implementation where all requests to authorization and resource servers go through a zuul proxy...it will be very helpful if you can add zuul feature to this tutorial...

Thank you so much Ajay..Its of great help to me :) God bless you

Thanks for the video. I have one question
How the access token which is provided by Authentication server is getting validated at Resource server. Because without validating if some one changes the access token then also it will work.

Thank you. Could you also explain if client is web service instead of web page, which interface I have to implement on client side. I have to write rest web service client to consume oauth secure rest webservice

thks. But How to make a cal for my rest services from my client using the users credentials ?

also very nice work with editing the video, gives a professional feel to it

Hi, When we need to go for OAuth2 and we need to go for JWT, and in which scenario goes for the certificates in the app server.

May i know what is the Oauth2 version in this video?
the one i tried, seem like no more "@EnableOAuth2Sso"

Hi Ajay,
I was looking for integration of spring boot with keycloack. Without using keycloak adapter . I want to use oauth2 and keycloak for rest api. I dont need any login screen just rest api which takes access token

I'm having trouble follow the tutorial with spring boot 1.5.15 (not a snapshot), @EnableResourceServer tag does not exists, there is any way around that?

Great video! Do you have a vdo of this with angular(2,4,5)? or can share some link from where I can get it?

Thanks man, just saved my life. live long

Hi , perfect tutorial . thanks a lot . Could you pls let us know or post a tutorial on " OAuth 2.0 Authorization server using LDAP authentication" .It is not present anywhere around the internet.

Hi, is it possible to have two different oauth providers in the same application. And use them conditionally based on the requested url?

Nice Video. When I run the example cloned from github I get "403 Forbidden" error. What could be the issue?

thank you so much. Great tutorial. i like it. so where do i get an advance tutorial vid ?

setting the token in the cookie is a major vulnerability !!! the correct implementation is that the auth code shall be sent to the server side by web redirect, and then it shall be used in a server to server call to acquire the access token. the access token shall only be used on the back channel, which is the server to server call. single page applications can utilize PKCE update on the auth code grant type.

It's very nice
but dont u make video about client in dynamic one more?

Awesome tutorial. Unfortunately Spring don't provider a clear exception when his return a 404 status. Anyway, thanks for shared!

Why I am getting error as "Consider revisiting the conditions above or defining a bean of type 'org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory' in your configuration."

I liked your problem-solving skills, Thank you.

Would this still work currently? I followed this 100% but currently it critizies me for missing authentication and does not load the pages

Hi Ajay,
I've one requirement, I will need to get the access token using OAuth2.0 first, I don't need to redirect after getting the token, what I'll need to do is, based on this token, I will need to invoke multiple REST API's. Currently I'm stuck how to get the token alone first?. Please help me out, what changes I will need to do in properties file and in any java component file?.

Thanks for this video...But I need a Combination of Angular+ Springboot with Oauth2. I have searched in youtube but I didn't find any reference with the combination of these. I am new to the Spring boot and Oauth2.

Hi can you explain how can we add our custom login page instead of by default OAuth2 login page.

Great tutorial! How about the hello() method in resource server, how can we call this method from a controller for example and display on themeleaf template?

Kindly provide a video in how oauth delegates authentication to AD/LDAP. Will be so helpful

Very good tutorial. I would like to know can we create a custom login page.

Awesome video, thank you very much. I need a bit of help though, I have been back & forth with the video and your GitHub & I don't see any differences with any of my code. After I login I come to a 404 page "There was an unexpected error (type=Not Found, status=404).
/ui/secure.html" do you know what I could've done wrong? I have all dependencies, & have secure.html in templates package.

Nice video with In depth understanding of concept

Can you please make the same video using database authentication and let it also include registering a new user, please.

Hi, I am using same code but I am getting this error This XML file does not appear to have any style information associated with it. The document tree is shown below.
Full authentication is required to access this resource
unauthorized

i am able to do logout, but if i have multiple spring boot application i need to logout form each application.can i have single sign off also with oauth and spring boot?

thanks for the video.. I have one question. Generally we have 2 tokens in oAuth: Auth code token and Access token. In this tutorial we have Access token. I think Auth code token is generated after authorization. where is that in our example?How and where it is used... please explain. thanks in advance.

Thank you for the presentation. quick question, if I am declaring client details(client-id, client-secret, password) in application.yml, how can we auto populate the same details in code and pass the same to OAuth2RestTemplate while calling exchange function to call API.

Very nice video! Can you do an exmple with an Implicit grant flow for a javascript webapp (SPA) ?

Thank you very much, very good tutorial on OAuth2

Hi Tech Primers,
could you please explain Oauth2 with angular4 ??

Simple and straight forward, Very good indeed. Thank you.

Great Job , Thank you So much !!

Can I get example to access third party like Facebook or google..

Perfect, but How can I implement this AUTH on Client side using @RestController, because I configured a server auth with port:8098 and other other project like microservice with port:8092 and when I tried to call an rest-api in port:8092 and it didn't redirect to me to port:8098, just showed me a login interface but my credentials from mysql database didn't work. All the time said me "Your login attempt was not successful, try again.", Can you show us how to implement Auth2 with Client using @RestController instance of index.html?

Hi for the resourceserver didn't you need to extend the RespurceServerConfigurerAdapter?

Thanks!!

good job sir

Can you provide oauth with only rest api example

Thank you for such nice tutorial.

Great video bruh

can i expect login and registration APIs with BcryptpasswordEncoder and Oauth2 with access ans refresh token, authentication based on password and role

Great video. Thank you. Also if possible can you also do video on Springboot with SAML SSO.

@ 30:13 resource->userInfoUri is just allowing hello resource. How do I allow multiple resources like hello, user, other?

Very nice, can u pls xplain how to write oauth2 client in Springfox swagger2 implementation??

When I am entering as "localhost:8082/ui/" it is redirecting me directly to "localhost:8081/auth/login" . I am not getting what could be the problem?

Hi bro, can you please explain how can we login jenkins from url which is there at outlook email

How can I make Spring Security OAuth2 work with load balancer? please help me regarding this issue
Client sends request for the oauth token
LB redirects the request to Box 1
Box 1 authenticates and returns a valid Bearer Token
Client receives the token and store it for using through the sesion
Client sends request for a service in the REST API adding the previously retrieved token to the headers
LB redirects the request to Box 2
Box 2 fails to authenticate as it does not recognize the token and returns an Invalid Credentials response.

I want to integrate google fit into my application and get data from there. How can i do this?

Hi
I am Ramesh, please explain me what is diff b/w restful and microservice.

I am getting the same error : "Failed authenticationManager in AuthorizationServerConfig required a bean of type 'org.apringframework.security.authentication.AuthenticationManager'

Hi, How Request is Redirecting to Login Page? And Where is the code for Login Page? .jsp or .html?

The spring started you added is missing while i was working

Can you help me with this
Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception;
just downloaded whole project from github and run on intelliJ

Hey, Thanks for the video. Also, I have a query i.e. What If I want to access server-side APIs with Postman. Please help!

Given examples ....i tried in my local but unable to get the ouput...i am using this Url(localhost:8081/auth/ui/login) after login .. i am getting error like"
Full authentication is required to access this resource
unauthorized
"...could you resolve this issue...

Hi can i check why is your user credentials peter peter stored at the resource server? Is this method of OAuth 2.0 using local login?

can you show us how to add more details in principal

Thank you so much. It is totally worthful.

You have not shown on how to access "HelloResource" rest API? localhost:8081/auth//rest/hello when I access it says 401 unauthorized.

I think AuthenticationManager is redundant in ResourceServerConfig.java. You already use the inMemoryAuthentication method. And also I have made a pull request for this from GitHub. Please check and return me back if i am right or not

Can you demo this using Postman?

Excellent

Is there any PDF while for code or link

hi bro your are doing good i have one doubt how spring boot can handle high traffic could you please answer

Nice contents

very informative, i am able to do it with the help of your vdo, but not able to logout from all client application. pls help for logout

Doesn't work following this tutorial. It throws AuthenticationManager authowired bean exception while starting up the authorization server

Hi, I have a problem when I start the server: "a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found."
Do you know how I can solve this problem ?

This example will not work in Spring Boot > 2.0.0.M4.
Looks like the @EnableOAuth2Sso have been moved to :
'org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.0.0.RELEASE'
also problems with AuthenticationManager in Spring Boot > 2.0.0.M4 are discussed here:
github.com/spring-projects/spring-boot/issues/11136