[008] How to Secure Micro services - oAuth2 Server part 01 - [Micro services in and out 008]

Awesome explanation , could you please integrate this Auth server concept with Spring Cloud API Gateway it would be more helpful

I've been trying to wrap my head around OAuth 2.0 from past 1 week. Tried many blogs and video tutorials but nothing was as clear and simple as this video. Thanks a lot!

Many Thanks Krish!! You are awesome!

Explanation is very clear...I have more confusion but now i'm clear and i'm in correct track...Thank you so much....

you are a perfect teacher. Waiting for the next lecture. Thanks!

අයියා මේක නියමයි. ඔයාට මාර teaching skill එකක් තියෙන්නේ , Thanks a lot!

Nice session and thanks for spending your valuable time.

realy very clean and smart video. Thank u so much

Explanation is clean and clear ...... 😊🤞.... Thanks for the tutorial...🙂

I had lot of confusion before watching this video, but now totally cleared. thanks

Thanks Krish for nice valuable presentation.

really great, very granular description...subscribed

Very good video. Thanks! Keep them coming

Really good explanation sir..

LOVE IT!

Thanks a ton for this presentation really very helpful

Great explanation, i had confusion in the error information now its clear. Thank you so much

So nice..
You are great Sir

Amazing tutorial and easy to undestand! Thank you so much (y)

It was really helpful. thank yooooooou

Good one Krishantha.

Thanks Krishantha, its really helpful.

Great tutorial, Clean and clear!

Thanks a lot sir, you are really explained in a better understanding way..

great tutorial i love the way you explain

Great informative content..👍👍

thanks man, learnt alot

Great explanation

Thank you very much

Great

very nice sir! thanks ! pls keep posting more videoes on Kubernetes and docker concet=pts

You deserves a subscribe mate.

Great!

Great Video

I Working on role based inventory management system using angular UI. At backend using microservices using Spring Boot 2.6.1. Can you please make a video for oauth2-client, oauth2-resource-server? I am very confused to create authorization server and then protect spring cloud api gateway to ensure the protection of all microservices with user login.

Thanks a lot...very good explanation

Great Tuto

its nice, instead showing yourself better focus on presentation, so that no distraction.

Superb explanation and the drilling down the when the issues appear. Haven't seen this kind of tutorial regarding OAuth2 Spring security, Cheers #Krish

How does one create new CLIENTs and USERs in production. Here we have used SQL scripts to create users/clients. Thanks for your videos. It helps learners like me.

Great video! Could you please show/explain what exact request sent from your HttpClient (curl format). Also I'm lost when to send "mobile/pin" and when "krish/krish123"

super

Hi Dinesh, currently "cloud oauth" dependency is not available in spring initializer app. Also the @EnableAutherizationServer has not been supported by spring boot.
Is there any other ways to make authorization server with latest updates. If possible could you please make a video?

I have few question:s
1. why AuthenticationManager is not required to be injected to endpoint at the time of reading the client-credentials from yml file(same for passwordEncoder).
2. why AuthenticationManager is autowired only inside AuthServerConfigurations(not in UserConfiguration)
Thanks in Advance...

Sir Please post one video on jwt token store

9:37 you mentioned that the client talks to resource owner first. But 11:16 you are mentioning that the client talks to authorization server first. Why?

Hello Krishantha, Are you going to release the videos on Resource server also..??
Could you also create a video for oauth 2.0 using grant type as client_credentials with separate applications for Authorization server and resource server. Thanks in advance..!!

Thanks

Thanks so much 💪

Can you make tutorial about oauth2 using mongodb ? I have many problem when i change to mongoDB .. Thank you so much !

which app do u use for api testing, that looks really cool

I'm getting 401 unauthorized in spring boot 2.2.5 for this configuration, can't find why...

Excellent presentation, but I am not able to move forward, facing Unauthorized error message even after sending basic auth params.Output looks like this {
"timestamp": "2019-08-12T06:18:58.932+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/oauth/token"
}

roles in not coming once you doing in in-memory java code configuration

Why did you change application.properties to application.yml?

Hi, Nice session. Could you please commit the final oauth2 project in github.
If possible, can you give the session on below integration(SSO) :
apps will be : 1 Central Authentication and authorization server with its own custom login page.
2. There will be micro-service which have a rest api
3. Web MVC application with spring security, when application is run, user is redirected to login page of Authentication and authorization server and upon successful login user is redirected and lands to home page from where he further try to get respose from above rest api based on client secret and id

I am not able to make it work with context path. Use to work fine with spring 1.5 but getting problem with spring 2. Any ideas why

Hi Krish , How will i do refresh token and how can i send permission with jwt token ,Plz

I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs.
1st I got the access_token from that Service.
Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemple should I use??? If there is any best approach please let me know. Sir, please respond asap.

I am not sure, how will you implement this using Zuul as the edge node

What REST client app are you using for testing?

Hi Krish,
what's the http client you use ? Thank you, Esteban

Thanks a lot for the efforts
But this ended up to be an another oauth tutorial with no insights!! How to do oauth in spring is available easily but explanation on how to do with insights!!! Stil missing

Please help
what if in my application let's say I am implementing the oauth using google for SIGNUPand when the user gets signup using the google auth and then the google auth will only give me the email id of the user then how I am going to implement the Authorization in my application like role based giving access to different users.

how to add resource server along with this?

What is the difference between oauth and ssl

refreshtoken not getting

I have implemented as instructed in the video. But I am encountering an exception for POST /oauth/token HTTP/1.1
Host: localhost:8090
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bW9iaWxlOnBpbg==
User-Agent: PostmanRuntime/7.19.0
grant_type=password&username=cs405017&password=*****&role=ADMIN.
Exception :
[nio-8090-exec-2] o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: NestedServletException, Handler dispatch failed; nested exception is java.lang.StackOverflowError.
On reading different similar issues on the internet --- all of them points out at authenticationManager instantiation override. But I have correctly overriden it.
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
pom.xml

org.springframework.boot
spring-boot-starter-web


org.springframework.cloud
spring-cloud-starter-oauth2



org.springframework.cloud
spring-cloud-starter-security
2.1.4.RELEASE
Please assist.

which tool are using to build the oauth

I can not find you on Instagram

May I know what are the client-id and client-secret stand for?

Hi Krish, I followed your oauth 2 example and could get declarative way code running,but programmatic way is not working,gettinh unauthorized for /oauth/token,followed your video and example step by step,can u pls suggest

Hi Sir ,
I am not able to understand why client-id and secret along with user name and password has to be put in-order to get authorization code ?? If my understanding is correct , user is not related to any client apps which gets registered with authorization server .
Please help

Please check and answer. I am Stuck.

The explanation given in the beginning is not clearly explained with code. Losing interest as the coding progress since there is no connecting explanation between the code and concept. Please improve

Thank you very much