How to secure SpringBoot REST APIs using AzureAD B2C OAuth2 scopes?

  • Added 10. 09. 2024
  • This video explains how to build a SpringBoot application from scratch and secure its APIs using AzureAD B2C OAuth2 scopes. It uses the OAuth 2.0 client credentials grant to get an access token from AzureAD B2C and uses that access token to call the SpringBoot APIs.
    Documentation referenced:
    SpringBoot Security : docs.spring.io...
    AzureAD B2C Client credentials : learn.microsof...
    #identity #iam #security #sso #oidc #idtoken #spring #springboot #openidconnect #java #javaprogramming #javasecurity #springsecurity #oauth #oauth2 #apisecurity #azure #azuread #azureactivedirectory #azureadb2c #oauth #oauth2
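The resource-server side of the setup described above, as an added Java example (not code from the video or its project): Spring Security validates the B2C access token against the configured issuer (signature via the published JWKS, expiry, issuer), adds an explicit audience check that the defaults do not perform, and maps the token's permissions to `SCOPE_` authorities that guard the endpoints. The property `app.api.audience`, the scope names `Orders.Read`/`Orders.Write` and the `/api/orders` paths are assumptions.

```java
import java.util.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class ResourceServerConfig {
    // issuer-uri must be the real B2C value: placeholders such as registeredDomain/{tenantId} produce
    // "Unable to resolve the Configuration with the provided Issuer". app.api.audience is an assumed property.
    @Bean
    JwtDecoder jwtDecoder(@Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}") String issuer,
                          @Value("${app.api.audience}") String audience) {
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer); // discovery document + JWKS for signatures
        // The default validators check exp/nbf and iss; the audience (this API) must be checked explicitly.
        OAuth2TokenValidator<Jwt> audienceCheck = jwt -> jwt.getAudience() != null && jwt.getAudience().contains(audience)
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "aud mismatch", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(issuer), audienceCheck));
        return decoder;
    }
    // "scp" carries delegated scopes, "roles" carries application permissions (client-credentials tokens);
    // both are mapped to SCOPE_* authorities so hasAuthority() below works for either kind of token.
    private JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>();
            String scp = jwt.getClaimAsString("scp");
            if (scp != null) for (String s : scp.split(" ")) authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
            List<String> roles = jwt.getClaimAsStringList("roles");
            if (roles != null) roles.forEach(r -> authorities.add(new SimpleGrantedAuthority("SCOPE_" + r)));
            return authorities;
        });
        return converter;
    }
    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth   // scope names Orders.Read / Orders.Write are assumed
                .requestMatchers(HttpMethod.GET, "/api/orders/**").hasAuthority("SCOPE_Orders.Read")
                .requestMatchers(HttpMethod.POST, "/api/orders/**").hasAuthority("SCOPE_Orders.Write")
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter())));
        return http.build();
    }
}
```

A token that passes signature and issuer checks but carries the wrong audience, or lacks the required scope, is rejected with 401/403 respectively before any controller code runs.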

Comments • 26

  • @securityinaction1018  7 months ago +2

    Please subscribe to this channel for regular updates czcams.com/channels/EEayyyCrJO94FYlzF0NLTg.html
    Thank You for the support.

  • @shikhinmisra8671 1 month ago

    I don't know why your videos have so few views. I have been learning from YouTube for 15 years but never found anyone creating POCs by referring to the actual documentation. Your approach really gives a lot of confidence! Needless to mention that the topics you cover are really difficult to find elsewhere. Great content!

    • @securityinaction1018  1 month ago

      Thank you so much !! I will keep trying my best to post quality videos.
      Please like, subscribe & share this video / channel !! Thanks in advance.

  • @papidulzuratravel8715 10 days ago

    You just helped me immensely with a current issue! ❤

    • @securityinaction1018  8 days ago

      Glad it helped!!
      Please like, subscribe & share this video / channel !! Thanks in advance.

  • @user-vv9gq9cz2z 5 months ago +1

    This was an excellent video, thanks for sharing it!

  • @ViswanathTumbalamGooty 2 months ago +1

    Good video - one quick question: in step 4 you said that the token will get validated... how and where will the token get validated?

    • @securityinaction1018  2 months ago

      All these validations are taken care of by the SpringBoot security classes. You can customize this, which is generally not required. Refer to this documentation for more details: docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html#oauth2login-advanced-idtoken-verify
      Please like, subscribe & share this video to support this channel !! Thanks in advance.

  • @helencode 14 days ago

    What is the difference between Azure AD B2C and Entra ID in configuration? And which one should I use? Thank you

    • @securityinaction1018  13 days ago

      Here are some links which will clear up the confusion:
      learn.microsoft.com/en-us/answers/questions/1556632/confusion-around-azure-ad-b2c-vs-microsoft-entra-e
      learn.microsoft.com/en-us/entra/external-id/customers/faq-customers#is-microsoft-entra-external-id-a-new-name-for-azure-ad-b2c
      Please like, subscribe & share this video / channel !! Thanks in advance.

  • @christianrazvan 7 months ago

    Some of the blades are missing in Azure B2C

  • @harshats1 2 months ago

    How to change the "exp" JWT claim in Azure Entra ID?

    • @securityinaction1018  2 months ago

      You can try changing the token lifetime as mentioned here learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes and that should change the exp claim accordingly. I have not tried that. But, I think it should work.
      Please like, subscribe & share!! Thanks in advance.

  • @ScoobyDoo-ct9nd 5 months ago

    Explained very well and really excellent!!!

    • @securityinaction1018  5 months ago

      Glad you liked it!!
      Please like, subscribe & share!! Thanks in advance.

  • @satyarajGovindaDas 5 months ago

    Great video and explanation. Though the Azure portal has a few changes compared to this video, the concept remained pretty much the same. I followed everything as per your video and verified with the Azure documentation too, but I'm getting Invalid grant type (value=client_credentials). Please help me resolve this.

    • @securityinaction1018  5 months ago

      Thank you. Please check if "accessTokenAcceptedVersion" in the manifest file is set to 2 as mentioned in this document learn.microsoft.com/en-us/azure/active-directory-b2c/client-credentials-grant-flow?pivots=b2c-user-flow#step-2-register-an-application
      Please like, subscribe & share!! Thanks in advance.

    • @satyarajGovindaDas 5 months ago

      @securityinaction1018 Yes, it is. All the steps mentioned in your video and the Azure documentation were followed strictly.

    • @securityinaction1018  5 months ago

      It's pretty difficult to debug without seeing the setup. One more thing I can think of is the "Application ID URI" as mentioned in this document learn.microsoft.com/en-us/azure/active-directory-b2c/client-credentials-grant-flow?pivots=b2c-user-flow#step-11-define-web-api-roles-scopes. Please make sure it is configured as mentioned in the video.

    • @satyarajGovindaDas 5 months ago

      @securityinaction1018 Yes, I verified and even recreated the Application ID URI with a new unique ID. Still no luck.

    • @securityinaction1018  5 months ago

      If that is fine, please share the curl command. Make sure the client ID and client secret are not exposed in public comments.

  • @johannesmarais2755 1 month ago

    Great video. I am getting the following exception when adding the issuer found in the token: "Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of: registeredDomain/{tenantId}/v2.0/"

    • @securityinaction1018  1 month ago

      It looks like a wrong issuer. registeredDomain/{tenantId} are placeholders. You need to replace that with the actual values.
      Please like, subscribe & share this video / channel !! Thanks in advance.