Spring Security - OAuth2 Example Using GitHub | SpringBoot | Java Techie
Vložit
- čas přidán 22. 08. 2019
- This video explain you how to use Spring Security OAuth2 using GitHub as Resource server | Spring Boot | Spring cloud security
#Javatechie #OAuth2 #SpringBoot
GitHub:
github.com/Java-Techie-jt/spr...
Blogs:
javagyanmantra.wixsite.com/we...
Facebook:
/ 919464521471923
Music: City_of_Jewels
guys if you like this video please do subscribe now and press the bell icon to not miss any update from Java Techie
Disclaimer/Policy:
--------------------------------
Note : All uploaded content in this channel is mine and its not copied from any community , you are free to use source code from above mentioned GitHub account - Věda a technologie
4:16 out of all explanations I've read, this right here is the best
This class was great! Thank you master!
It is crystal clear. Thank you so much! keep doing such videos.
Because of you @Java techie i passed last semester and on my way to pass this semester. Thanks a lot
Glad to hear this 😊
Great session, really I got clarified all the queries in this video, thank you so much!
Basant sir is great helping lot of IT employees
Excellent explaination ., Awesome Sir !! Many Thanks !!
Thank You, Your explanation is nice, I understood and did a simple OAuth application
Thanks Basant ..
For OAuth2 Example.
Great great clear explanation! Thank you Boss
too simple explanation great sir thank you so much
Amazing..
You explanation is to the point.. Like that.. 👍
I hope you upload new video regularly. 💙
Thank you Mohammad +
Yes will continue upload on every weekend 👍
your content is awesome as always..
if i want to know any concept i always prefer your channel 👍. the way you explain is good, it helps too
Thank you buddy 🤗
Very nice bro. Splendid job
Nice explanation. Awesome!
Nice explanation Sir..keep it up(This is Ranjan Das from Facebook😛)
Splendid job bro.
Good explanation , thanks
No one can explained like this. Great job very clean 👌 I got both theoritical and practical knowledge
Great video Sir 👍👍👍
Nice explanation. Please do signout section as well.
Thank you!
Thank you😊
simple awesome
Amazing bhai saab😍😍
thanks sir
We can also do single sign on / security by passing using spring security right (http basic authentication) from one application to another by skipping actual login page /screen .
awesome demonstration sir, , kindly do the same okta with the Spring Boot 3 version , the older version not working properly, all the time got bad requests
Nice bro
Thanks Sir🙂 Helped me to understand.
How authorization server generates token and resource server validates the same, could you please explain sir
Hi.. As per the flow diagram after successful authentication only authorization server sends access token right? then how come access token send as cookie in login page before authentication ?
Very Good Explanation Basant.. so I guess most of company web applications are using OAuth token security only. Correct?
Yes now a days max using it
Nice video. Can you make a video using LinkedIn?
Okay I will try this
Hi bro , This video is really good about Oauth. Having some doubt on this, In the example we registered the local host app to Git hub as an oauth App and client id and client secret key generated.
But in real time example Hacker rank with Git Hub login , Hacker rank registered as oauth app automatically post successful github login . How does it happen internally ? Can you explain the code for that ?
I have one doubt,
In this example we put our clent id and secrt id in our appliaction, which was taken from our git hub,
1)But real time like haker rank we cant put mannually right,??
2) as per my assumption after validating username and password, doest github gave cleint id and scrt id return back to appliacation after succussfull login??
I have these doubt from so many days??
If in that case what we need to put in our yml file??
Hy, 'Java Techie' linke Tour explanations. Very clear and understandable. One question: What"s the Authentication-Code? Is this a random Nummer choosen by yourself? Thx, bye.
Sorry, not getting you
@@Javatechie Sorry, wrong typing. I like your Explanation. When you typed in your Authentication, you also typed in a Number in the field Authentication-Code. Where you where getting this number?
@@smartatwork2344 I enable two factor authentication so I got OTP to email so am using that number
It means each user will add the Clinet application details in their githup profile.... Dynamically how to do sir..
Thanks for ur effort...
Hello. Very nice example. I have a question. I can see that the client I'd and secret string is directly configured in the spring boot app and that only helps an individual user to be authenticated by Github authorization server. What happens in a real time production grade project? Do we decouple this sensitive information and store it somewhere else. And what configuration we need to make if we want to access the restful api created in this example to be accessed by any user having valid github credential. I hope there is a way to dynamically use the users client I'd and secret key in the spring boot configuration
Hi Prartha, I never tried , let you know soon
Sure.. I will search for the same as well
Can you please do one session on two or more microservices with oauth2
Yes I will do that.since maximum viewers requested for the same It's in queue
Hi @java Techie if possible can u please upload the video for how the Token is generated and what we need to use for encryption and decryption logic in which class need to write and give access.
Make video on jwt also ;)
Hi sandhya , its already there in my channel here is the link czcams.com/video/rBNOc4ymd1E/video.html
another question : why you added client security dependency ? spring security dependecncy will not work ? or we really need any of these dependency to create this application ?
You need oauth2 client dependency to delegate your security concern to a 3rd party identity provider (GitHub/ Facebook / Gmail etc...)
What is the authorization grant type used, authorization_code or implicit grant?
Implicit grant
@video 13.32 you mentioned that Access Token is sent from client . Could you please explain how the client generated access token ? Because we had configured only the Client Secret in the yml file.
Same doubt bro
When I say client it is our application buddy.
What is the need of sending back the access token to github resource server which was given by github itself
GitHub authorization server will send access token , how resource server will verify already you authorized it ?
That's the reason access token should be 2 way
How come the access token in the cookie before sign in to the GitHub account...while you were inspecting the elements
Sorry didn't get you
Is it recommended to use in a real time Application I mean there is no secrecy of client id and client secret
No not recommended
Sir please make a video how to create own identity provider
Yes we can do that . I will try this
Ok sir please create video as soon as possible because I want to implement it in a practical way
@@Javatechie Sir please make a video how to create own identity provider
Hi Basant.
Spring Boot just got updated to 2.3.4
Inspite of logging out of Github, why is it not asking for the credentials for the next subsequent login when I type the same url on another chrome tab? I dont want to restart the app
Wao great update let me check if there is any update
@@Javatechie Yes I found the Tomcat jars are new as compared to the 2.3.3 version
I am trying spring version 2.6.1 and even maven update.. i am unable to get resolved, kindly guide should i change to as you mentioned and or go with that. ?
What is the error ?
HI Basant
I am getting below error after login
ava.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.
Could you guide how to cret a spring boot oauth 2 with keycloak for multitenant?
Your way of teaching is awesome.
I need a help, Actually I want to consume the services of Adobe analytics. I have retrieved all the essential data required but I am confused what to put in "security.oauth2.resource.user-info-uri" property. When I start my server then I am able to login but it stuck on that page only. Can you please help!
What third part you are using for SSO ?
Is it same GitHub ?
@@Javatechie I am trying to fetch the data of Adobe Analytics using API and trying to get it authorized by Oauth2.0.
So in Application.properties what should be written under security.oauth2.resource.user-info-uri.
I tried this one ,successfully run application ,and getting login page but login by giving credentials getting error page "site can not be reached ".in application logs are also fine so not able to check exactly why i am getting error.Could you please guiding me on this.
Are you getting GitHub login page right ? If yes then please provide your GitHub credential to login
Hi sir, Can you please explain one post request through postman how you will pass authentication information in the header.
Please check my jwt security video
Can u please do vedio on Jaeger tracing
Hi Birru, I never tried this , let me check this
@@Javatechie tq
i am getting this error :
error: redirect_uri_mismatch
error_description: The redirect_uri MUST match the registered callback URL for this application.
Please help, even though done same :/
Please validate your callback uri
i think access token should not deliver by browser which should pass in the backend
I am getting a error --- field error in object 'resourceServerProperties' on field 'tokenInfoUri': rejected value [null]; missing.tokenInfoUri.resourceServerProperties.tokenInfoUri
Please help me out
Please google it .
@@Javatechie not got any solution
Where we can see the user information after token got validated
You can't see user information GitHub resource server will send to client based on your permission .
where you get this below url's.-
accessTokenUri, userAuthorizationUri, userInfoUri. if i want to the same OAuth authentication for FB or any other authorization portal. where i can get this url's.
While registering application into GitHub you will get those information
Thank you very much 😊. Very quick response. Nice explanation 👍
Hi Sir , needed the updated procedure of Spring security with OAuth2,ssince cloud security ,cloud Outh dependencies are not shown under dependencies of spring initializer,sir
after giving GitHub login credentials, i got page mentioned - you are redirect to authorised application, if your browser does support, click here,
after click it is downloaded not further process failed
Can you please share error stack trace
@@Javatechie
thank u for reply
You are being redirected to the authorized application.
If your browser does not redirect you back, please click here to continue.
after clicking on 'click here' is get downloaded
How do we know if we are using 2 legged or 3 legged ?
Great session , but i want same session with Spring MVC , is it possible ?
Yes possible but need to add more configuration
@@Javatechie could u please make video for this
Need to check,just google it once
One more question Is OAuth2 is also responsible for authentication !
Yes
HI Basant,
I really appreciate your effort, i learnt a lot regarding OAuth2, and mostly asked question in the interview.
I tried your example, but it is giving me below exception, tried finding out from StackOverFlow, but no luck, Will you please give any hint or help?
java.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.
Did you add your own access token as I shown in video how to generate
@@Javatechie Thanks a lot for your quick response, it has been fixed after watching your comment...Thank a lot again 😍
How the access token is getting generated by Authorization server and How Resource server is validating whether it is a correct access_token or not!
Saroj I inspected the console if you notice while sending request it will send token as part of request header if it is not valid you will get 403 status code else 200
You can also do same just inspect your browser while sending first request
Saroj actually , before launching the page there will be one more call to git hub to give the access token, that access token given by github because application is sending in the request client if and secret , as it’s matching with the git oauth2 credentials so only git hub authenticated and given the access token. If you want to test give wrong secret I will never get back the access token and u r not able to login I will get 403 error as Basant said. Let me know if need more information or anything confusion.
Pls Zoom in your screen.
Please explain the yml configuration parameters added
Boot 2.4.1 doest have Spring Cloud Security enabled
2.1.4 is no longer supported in STS 4 and gives ClassNotFoundException
2.3.7 gives
"message": "Not Found",
"documentation_url": "docs.github.com/rest"
How to do logout? Please explain.
Able to login but unable to logout
its Oauth 1 concept not Oauth 2
please remove ur clent id and secret from github repo
Hello,
will the information (emails) be stored in local database?
Yes you can store but what is the usecase