Awesome explanation, could you please integrate this Auth server concept with Spring Cloud API Gateway? It would be more helpful.
I've been trying to wrap my head around OAuth 2.0 from past 1 week. Tried many blogs and video tutorials but nothing was as clear and simple as this video. Thanks a lot!
That's all I want 😍
Many Thanks Krish!! You are awesome!
Thank you. Check out the latest content. We talk about the latest approaches on MS.
Explanation is very clear...I have more confusion but now i'm clear and i'm in correct track...Thank you so much....
you are a perfect teacher. Waiting for the next lecture. Thanks!
Brother, this is great. You have an amazing teaching skill. Thanks a lot!
Nice session and thanks for spending your valuable time.
Really very clean and smart video. Thank you so much
Explanation is clean and clear ...... 😊🤞.... Thanks for the tutorial...🙂
I had lot of confusion before watching this video, but now totally cleared. thanks
Thanks Krish for nice valuable presentation.
really great, very granular description...subscribed
Very good video. Thanks! Keep them coming
sure
Really good explanation sir..
LOVE IT!
Thanks a ton for this presentation really very helpful
Great explanation, i had confusion in the error information now its clear. Thank you so much
So nice..
You are great Sir
Amazing tutorial and easy to understand! Thank you so much (y)
You're very welcome!
It was really helpful. thank yooooooou
Good one Krishantha.
Thanks Krishantha, its really helpful.
Great tutorial, Clean and clear!
Thanks a lot sir, you are really explained in a better understanding way..
great tutorial i love the way you explain
Great informative content..👍👍
Thanks man, learnt a lot
Great explanation
Thank you very much
Great
Very nice sir! Thanks! Please keep posting more videos on Kubernetes and Docker concepts
You deserve a subscribe, mate.
Great!
Great Video
I am working on a role-based inventory management system using Angular UI. At the backend I am using microservices with Spring Boot 2.6.1. Can you please make a video for oauth2-client, oauth2-resource-server? I am very confused about creating the authorization server and then protecting Spring Cloud API Gateway to ensure the protection of all microservices with user login.
Thanks a lot...very good explanation
Great Tuto
its nice, instead showing yourself better focus on presentation, so that no distraction.
Superb explanation, and the drilling down when the issues appear. Haven't seen this kind of tutorial regarding OAuth2 Spring Security. Cheers #Krish
How does one create new CLIENTs and USERs in production. Here we have used SQL scripts to create users/clients. Thanks for your videos. It helps learners like me.
Great video! Could you please show/explain what exact request sent from your HttpClient (curl format). Also I'm lost when to send "mobile/pin" and when "krish/krish123"
super
Hi Dinesh, currently the "cloud oauth" dependency is not available in the Spring Initializer app. Also, @EnableAuthorizationServer has not been supported by Spring Boot.
Are there any other ways to make an authorization server with the latest updates? If possible, could you please make a video?
I have a few questions:
1. Why is AuthenticationManager not required to be injected into the endpoint when reading the client credentials from the yml file (same for passwordEncoder)?
2. Why is AuthenticationManager autowired only inside AuthServerConfigurations (not in UserConfiguration)?
Thanks in Advance...
Sir Please post one video on jwt token store
9:37 you mentioned that the client talks to resource owner first. But 11:16 you are mentioning that the client talks to authorization server first. Why?
Client talks to the auth server, and the auth server redirects it to the resource owner for consent
Hello Krishantha, Are you going to release the videos on Resource server also..??
Could you also create a video for oauth 2.0 using grant type as client_credentials with separate applications for Authorization server and resource server. Thanks in advance..!!
Thanks
Thanks so much 💪
Any time!
Can you make tutorial about oauth2 using mongodb ? I have many problem when i change to mongoDB .. Thank you so much !
which app do u use for api testing, that looks really cool
I'm getting 401 unauthorized in spring boot 2.2.5 for this configuration, can't find why...
did you try to pull my project from git and run?
I have downloaded but not working giving 401
@krish the same issue is coming for me as well...
You might get the username and password in console as encrypted.
Did u see this:
2021-05-09 22:24:51.683  INFO 2528 --- [ main] a.OAuth2AuthorizationServerConfiguration : Initialized OAuth2 Client
***********************************
security.oauth2.client.client-id = mobile
security.oauth2.client.client-secret = ****
************************************
2021-05-09 22:24:51.787  INFO 2528 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
Check your maven dependencies.
Add:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.2.2.RELEASE</version>
</dependency>
Now it should work.
Excellent presentation, but I am not able to move forward, facing an Unauthorized error message even after sending basic auth params. Output looks like this {
"timestamp": "2019-08-12T06:18:58.932+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/oauth/token"
}
Me too, did you already find a solution? I'm struggling with it
@limerickgangster Me too, did you already find a solution? I'm struggling with it
@Lucas-of6ou Also for me. Did anyone find a solution, guys?
Same problem for me as well...
Did u see this:
2021-05-09 22:24:51.683  INFO 2528 --- [ main] a.OAuth2AuthorizationServerConfiguration : Initialized OAuth2 Client
*********************************
security.oauth2.client.client-id = mobile
security.oauth2.client.client-secret = **
**********************************
2021-05-09 22:24:51.787  INFO 2528 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
Check your maven dependencies.
Add:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.2.2.RELEASE</version>
</dependency>
Now it should work.
Roles are not coming once you do it in in-memory Java code configuration
Why did you change application.properties to application.yml?
.properties and .yml do the same work but code formation is easier in .yml than .properties.
Hi, Nice session. Could you please commit the final oauth2 project in github.
If possible, can you give the session on below integration(SSO) :
apps will be : 1 Central Authentication and authorization server with its own custom login page.
2. There will be micro-service which have a rest api
3. Web MVC application with Spring Security: when the application is run, the user is redirected to the login page of the authentication and authorization server, and upon successful login the user is redirected and lands on the home page, from where he further tries to get a response from the above REST API based on client secret and id
I am not able to make it work with context path. Use to work fine with spring 1.5 but getting problem with spring 2. Any ideas why
Hi Krish , How will i do refresh token and how can i send permission with jwt token ,Plz
I want to call a third-party API using Java code, which has implemented OAuth 2.0 to secure the APIs.
First, I got the access_token from that service.
Secondly, I want to send a POST request to one API, sending stringXML and the access_token. So, which method of RestTemplate should I use??? If there is any best approach please let me know. Sir, please respond asap.
I am not sure, how will you implement this using Zuul as the edge node
What REST client app are you using for testing?
Hi Krish,
what's the http client you use ? Thank you, Esteban
Thanks a lot for the efforts
But this ended up being another OAuth tutorial with no insights!! How to do OAuth in Spring is easily available, but an explanation of how to do it with insights!!! Still missing
Please help
What if in my application, let's say, I am implementing OAuth using Google for SIGNUP, and when the user signs up using Google auth, Google auth will only give me the email id of the user? Then how am I going to implement authorization in my application, like role-based access for different users?
You can create scopes and permissions on the Google side when you create your app, so during the authorization process it returns the scopes and permissions belonging to the particular user
how to add resource server along with this?
What is the difference between oauth and ssl
Oauth is security (authorization) architecture and SSL is level encryption mechanism
refreshtoken not getting
I have implemented as instructed in the video. But I am encountering an exception for POST /oauth/token HTTP/1.1
Host: localhost:8090
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bW9iaWxlOnBpbg==
User-Agent: PostmanRuntime/7.19.0
grant_type=password&username=cs405017&password=*****&role=ADMIN.
Exception :
[nio-8090-exec-2] o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: NestedServletException, Handler dispatch failed; nested exception is java.lang.StackOverflowError.
On reading different similar issues on the internet, all of them point to the authenticationManager instantiation override. But I have correctly overridden it.
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
pom.xml
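<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
<version>2.1.4.RELEASE</version>
</dependency>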
Please assist.
want to diagnose your exact problem. so can you please clone my project from github and try to run that...? and tell me the outcome
which tool are using to build the oauth
Spring security
I can not find you on Instagram
May I know what are the client-id and client-secret stand for?
Hey. I also had the same question. Did you figure it out by now?
Hi Krish, I followed your OAuth 2 example and could get the declarative way code running, but the programmatic way is not working, getting unauthorized for /oauth/token. Followed your video and example step by step, can you please suggest
did you try to pull my code from github and run?
I downloaded your code from GitHub for this, tried,but getting missing grant type error
Anand Nerurkar you have same issue for my project?
I ran your project as it is, then tried to hit localhost:8282/oauth/token with basic auth, client id as web, client secret as webpass, body as urlencoded, grant type as password, username as Krish and password as Krish pass as mentioned in the code, but getting error as invalid request and missing grant
Hi Sir ,
I am not able to understand why client-id and secret along with user name and password have to be put in order to get the authorization code?? If my understanding is correct, the user is not related to any client apps which get registered with the authorization server.
Please help
You are correct. Your users are not bound to client-id or secret. Watch the video one more time :) You need client-id and secret in the request for the client app to authenticate with the Authorization server.
@krishantha Thanks for replying sir, I will watch it again today
Hi Sir ,
I did some reading and went through a couple of articles related to it. If my understanding is correct, the resource server is also an additional client of the authorization server, so that is why we provide client-id and secret in order to validate the token with the authorization server..?? Below are those links. Please correct me if I am wrong
stackoverflow.com/questions/55548585/why-resource-server-has-to-know-client-id-in-spring-oauth2
Ganesh balasubramanya yes
@krishantha Thanks for replying sir, really waiting for your next video
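Added example (not from the video's project or from any commenter): the thread above asks why a token request carries both a client-id/secret and a username/password. This sketch parses a constructed password-grant request shaped like the one quoted earlier on the page, showing that the Basic header authenticates the client app while the form body carries the user and the grant_type; the helper name `inspect_token_request` and the sample request are assumptions for illustration.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample request; client mobile/pin and user krish/krish123
# are the demo values mentioned in the comments.
SAMPLE_REQUEST = (
    "POST /oauth/token HTTP/1.1\r\n"
    "Host: localhost:8090\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Authorization: Basic bW9iaWxlOnBpbg==\r\n"
    "\r\n"
    "grant_type=password&username=krish&password=krish123"
)


def inspect_token_request(raw):
    """Hypothetical helper: report who authenticates where, never echo secrets."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    problems = []
    client_id = None
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        problems.append("no Basic header: client app is not authenticated")
    else:
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
            client_id, sep, _secret = decoded.partition(":")
            if not sep:
                problems.append("Basic value is not client-id:client-secret")
        except ValueError:                        # bad base64 or bad UTF-8
            problems.append("Basic header is not valid base64")

    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        problems.append("body must be form-encoded (RFC 6749)")

    form = {k: v[0] for k, v in parse_qs(body).items()}
    grant = form.get("grant_type")
    if grant is None:
        problems.append("missing grant_type")
    elif grant == "password" and not ("username" in form and "password" in form):
        problems.append("password grant needs username and password in the body")

    return {"client_id": client_id, "grant_type": grant,
            "username": form.get("username"), "problems": problems}


if __name__ == "__main__":
    print(inspect_token_request(SAMPLE_REQUEST))
```
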
Please check and answer. I am Stuck.
The explanation given in the beginning is not clearly explained with code. Losing interest as the coding progress since there is no connecting explanation between the code and concept. Please improve
Thank you very much