This is fantastic Dan, precise and straight to the point. It would be great if you had a similar demo but with Websocket transport instead of REST in the resource server. I'm really tearing my hair out with that right now :)
I was very disappointed this feature came very late after introduction of RestClient. These two things should be together shouldn't release after long time. Thanks dan 🙂
Hi Dan! Thanks for the helpful videos! What if you need to provide not only the client ID and secret, but also the username and password? So this use case is popular in enterprise m2m microservice-based architecture. What if i need to access multiple resource servers with one oauth2 client but different username and passwords (because of roles).
A nice follow on would be to add keycloak for the auth server.. :) And a comparison between spring 6.3 configuration and spring 6.4 sort of how to upgrade..
Great content Dan. I was wondering how do I use this OAuth2 restClient implementation in Spring AI assuming my base Url for OpenAI goes through a OAuth2 enabled gateway?
Hi Dan, I think it would be even better if the "scope" value in your example is an identifier of a resource server instead of "read" to demonstrate that the authorization server can even authorize accesses to multiple resource servers. To make the demo as simple as possible, you may have used the Spring application name of your resource server project, i.e. "resource-server".
Hi Dan Vega. Thanks for the wonderfully and straight-forward tutorial, I could also want to know if you have tutorial for authenticating user by generating Bearer token using Oauthj2-Client so that the client-application can path it on the request-header for authorization.??
Hi Dan, thanks for this wonderful video, i am just asking is this interceptor gonna take care of caching and refreshing token to optimize the calls to the authorization server ? i enabled debug logs, and i can see everytime i hit /lessons, client app will go and get a new token
What about 'two legged authentication' with OAuth (basically obtaining a request-token first and then use it to get the access-token)? Can this be configured with the latest RestClient?
Hey Dan! Am I correct in understanding that the majority of OAuth2 implementations revolve around authentication through services like Google ID, Facebook ID, Apple ID, GitHub, etc.?
is possible to define : .attributes(clientRegistrationId("golf-client")) somehow globally/default, please? In webclient we could define it during builder : oauth2FilterFunction.setDefaultClientRegistrationId(registrationId); and I'm looking for alternative. Thank you.
Yes, you can use the method "setClientRegistrationIdResolver(ClientRegistrationIdResolver)" of the interceptor to provide your own implementation of that interface (ClientRegistrationIdResolver) that returns a static client registration id. For example: OAuth2ClientHttpRequestInterceptor interceptor = new OAuth2ClientHttpRequestInterceptor(clientManager); interceptor.setClientRegistrationIdResolver(request -> "");
just downloaded the project. why are you making people use the latest jdk? your pom should be the min java version needed to compile. not everyone is on the latest
@DanVega I saw the anology between Quarkus/Springboot a year back. But personally there are a lot of things which are better built in SB compared to Quarkus. But rest client is definitely not the one. th-cam.com/video/Cq_YiZQRh9E/w-d-xo.html This was described long back. I feel adding it to properties and configure the client during build time is straight forward. May be we can make devX better by adding the process instead of having folks doing it themselves. I have used both framework, and feel having a better dev experience eventually matters. May be a scope for future version to remove the rest client builder from code and use properties to create one during runtime/inject during buildtime.
This is fantastic Dan, precise and straight to the point.
It would be great if you had a similar demo but with Websocket transport instead of REST in the resource server.
I'm really tearing my hair out with that right now :)
I was very disappointed this feature came very late after introduction of RestClient. These two things should be together shouldn't release after long time. Thanks dan 🙂
thanks a lot, your videos are always great
Hi Dan! Thanks for the helpful videos!
What if you need to provide not only the client ID and secret, but also the username and password? So this use case is popular in enterprise m2m microservice-based architecture. What if i need to access multiple resource servers with one oauth2 client but different username and passwords (because of roles).
Super!, thank you Dan 🎯
A nice follow on would be to add keycloak for the auth server.. :) And a comparison between spring 6.3 configuration and spring 6.4 sort of how to upgrade..
Very helpful indeed. Just wondering if oidc could also be integrated?
Great content Dan. I was wondering how do I use this OAuth2 restClient implementation in Spring AI assuming my base Url for OpenAI goes through a OAuth2 enabled gateway?
Hi Dan, I think it would be even better if the "scope" value in your example is an identifier of a resource server instead of "read" to demonstrate that the authorization server can even authorize accesses to multiple resource servers. To make the demo as simple as possible, you may have used the Spring application name of your resource server project, i.e. "resource-server".
Great video, Dan!
19:39 can we set it on the RestClient.Builder as a default ?
Hi Dan Vega.
Thanks for the wonderfully and straight-forward tutorial, I could also want to know if you have tutorial for authenticating user by generating Bearer token using Oauthj2-Client so that the client-application can path it on the request-header for authorization.??
Hi Dan,
thanks for this wonderful video,
i am just asking is this interceptor gonna take care of caching and refreshing token to optimize the calls to the authorization server ?
i enabled debug logs, and i can see everytime i hit /lessons, client app will go and get a new token
The interceptor reuses the tokens until expire?
This interceptor is smart enough to refresh tokens when it's expire?
Yes, it will cache the token and reuse it until it expires and then it will request a new one
Great job!
What about 'two legged authentication' with OAuth (basically obtaining a request-token first and then use it to get the access-token)? Can this be configured with the latest RestClient?
Awesome
Hey Dan! Am I correct in understanding that the majority of OAuth2 implementations revolve around authentication through services like Google ID, Facebook ID, Apple ID, GitHub, etc.?
Business to business applications usually have their own authentication server.
is possible to define : .attributes(clientRegistrationId("golf-client")) somehow globally/default, please?
In webclient we could define it during builder : oauth2FilterFunction.setDefaultClientRegistrationId(registrationId);
and I'm looking for alternative. Thank you.
Can we pass client registration id in the interceptor when creating rest client bean instead of passing it as an attribute in every api call
Yes you can
Yes, you can use the method "setClientRegistrationIdResolver(ClientRegistrationIdResolver)" of the interceptor to provide your own implementation of that interface (ClientRegistrationIdResolver) that returns a static client registration id.
For example:
OAuth2ClientHttpRequestInterceptor interceptor = new OAuth2ClientHttpRequestInterceptor(clientManager);
interceptor.setClientRegistrationIdResolver(request -> "");
Thanks buddy
just downloaded the project. why are you making people use the latest jdk? your pom should be the min java version needed to compile. not everyone is on the latest
@DanVega I saw the anology between Quarkus/Springboot a year back. But personally there are a lot of things which are better built in SB compared to Quarkus. But rest client is definitely not the one. th-cam.com/video/Cq_YiZQRh9E/w-d-xo.html This was described long back. I feel adding it to properties and configure the client during build time is straight forward. May be we can make devX better by adding the process instead of having folks doing it themselves. I have used both framework, and feel having a better dev experience eventually matters. May be a scope for future version to remove the rest client builder from code and use properties to create one during runtime/inject during buildtime.
Your tutorials are amazing, but could you please do it a little bit slowly? It's very hard to follow with your coding. Need to pause every 2 seconds.