Next Generation OAuth Support with Spring Security 5.0 - Joe Grandja
- Added 9. 07. 2024
- Spring Security 5.0 introduces new support for the OAuth 2.0 Authorization Framework and OpenID Connect 1.0.
This talk will provide a detailed overview of the new OAuth 2.0 Login feature, which provides the capability for authenticating the end-user against a standard OAuth 2.0 Provider or an OpenID Connect 1.0 Provider. This feature essentially realizes the use case “Login with Google” or “Login with Facebook” and is implemented by leveraging the Authorization Code Grant flow.
This talk will also walk through the necessary steps in setting up OAuth 2.0 Login using Google as the Authentication Provider.
Joe Grandja, Spring Security Senior Engineer, Pivotal
Filmed at SpringOne Platform 2017 - Science and Technology
Thanks Joe :)
Great... Finally found a perfectly working code
thanks ... This video is good for me :)
Thank you so much, Joe. But I am getting a problem: when I am calling through a simple proxy in a React application, it is still redirecting to the server-side base URL. Can you suggest how to solve this?
Do you have any resources on unit testing a controller that is secured by OIDC?
I have a doubt: which method do I need to override for a custom access token request, for adding a custom header to the request?
Do you have a tutorial for Auth Server with Spring Security 5 - OAuth2? I would appreciate it if you could point me to any running sample of Auth Server and Sample Client with Spring Security 5 - OAuth2 | JWT.
Link to the referenced GitHub: github.com/jgrandja/springone2017-demo
We have a big problem with additional OAuth2 providers: github.com/spring-projects/spring-security/issues/5228
Actually, in the application.yml, including 'openid' in the scope entries for the client registrationId, google, causes the authentication attempt to fail, with the error message:
(Your login attempt was not successful, try again.
Reason: [oidc_provider_not_configured] An OpenID Connect Authentication Provider has not been configured. Check to ensure you include the dependency 'spring-security-oauth2-jose'.)
Whereas removing it results in authentication going through successfully.
A quick read through the source code inside the Spring Security project's source file at github.com/spring-projects/spring-security/blob/master/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java shows/confirms why (see lines 579-588).
So, any explanation as to why 'openid' was included in this presentation and it seemed to have worked and not thrown the above error? Thanks.
Or perhaps the code/functionality has been changed since this presentation was done last December 14, 2017?