This is very in depth video and explains the subject with all options available. you are subject matter expert of this topic! Only suggestion I have is as its huge topic and you tried to cover it in 1.5 hours, it takes a lot of time( for me almost 5-6 hours) to understand and keep the interest for whole session. You can create playlist for this and add different set of videos with respective names to it so that user will not loose the interest while going through whole content.
I am fond of your tutorials. Could you make a dedicated tutorial on Spring Boot (2.7.3) with OAuth2 (Authorisation server-0.3.1, Resource server, Client server), JWT and Angular. There is no such tutorial available on CZcams. 🙏
Very well explained. Can you please do a tutorial to set it up on a api-gateway and use JDBC user federation for a custom sign-up and sign-in, also map roles and scopes
Please note WebSecurityConfigurerAdapter is deprecated and it requires the use of security filter chain.... also keycloak djboss is no longer used in keycloak and that held me down for weeks before seeing the new way of going about it. I would appreciate if that ammendment can be done
Great and thanks a lot. Could you please make a tutorial to explain how to add SSL to Keycloack especially a self-signed one which we can use in our own server?
this is the best tutorial on the subject hands down it covers a lot of flows with details.Thank you very much. It is recommended to implement authorization code flow even in a spa+spring boot application? i did so by redirecting the spa initiated login to rest endpoints that triggers the flow and then storing the access token on the client side once the flow finishes, but with the pcke approach it seems simpler.. thanks
Hi Thanks Very good I don't want to create users in keycloak, I want to create them in springboot and then they will be added to the keycloak user page. Can you help me what should I do?
21:41 although i've done all oauth2 client settings, i'm not being re-directed to keycloak login page. instead i'm able to directly acess home page! Just fyi, from the code downloaded from your repo, in intial branch, there's no SPRING SECURITY DEPENDENCY .. only you asked us to add OAUTH2-CLIENT dependency in POM!
I fixed it by passing only oauth-demo-thymeleaf-client as client id. Earlier, by mistake i had put the following line - with and all ... spring.security.oauth2.client.registration.oauth2-demo-thymeleaf-client.client-id=localhost:8080/login/oauth2/code/oauth-demo-thymeleaf-client
appriciating your effort and time. It was a fantastic tutorial. Im using Spring Cloud gateway. If i use client- credentials then i get '401 unauthorized' response. As well as if i mention the properties in the yml file then it is not considering that. Thanks for your teaching!!!
@@ProgrammingTechie.The problem was in the spring-boot-starter-oauth2-client dependency. This made my gateway stateful, by sending back a SESSION-Cookie instead of an Access-Token from the authorization server. Unfortunately i couldn't use the official Spring-Boot-Adapter, provided by Keycloak (www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter) because this Adapter has some web dependencies, and as the spring-cloud-gateway is built on webflux, the web dependencies required by keycloak cannot be used in conjunction.
Hello, great course ! I have one question on the pkce section, why does the frontend app need to be refreshed in order to get a call to the rest api (before refresh there is 401) even though we're authenticated & authorized.
A year layer, I am here searching for solution to the same problem. I have used the one of the recent versions( 19.0.3 ), I have the same problem. When I am logged in, the backend requires token for end-points that do not need authorization. It is strange. Have you had any luck with your development?
how we can add logout functionality. I have logged out but when i am trying to login again then without asking credentials it logged in . Can You Please Help ?
Great job👍, but why you did not use KeycloakRestTemplate or oauthresttemplate fot rest communications between microservices? This is usefull and will be clear code
Question about user registration, how can I implement a checking on an existing DB or API call before registering the user? Also if this is possible, how can I make it work with spring boot gateway?
You can generate the project under the resources folder, the better way is to create a seperate maven module for frontend projects. You can see how to do that in my CZcams Clone project series part 1
Great job, it's clear you put a lot of effort into this tutorial. Just one question, have you ever implemented a mobile client login for your own oauth2 keycloak server? I am confused because I see the recommended way is auth code flow with PCKE and this implies redirects, so this would imply using some webview with keycloak login page. Can it be done with a native interface not loading keycloak login page? I think that password credentials flow can be used but I'm afraid it's not secure as auth code with PKCE. Not sure how facebook/google app does login to their own server with their apps, just to be clear I'm not discussing about a situation where a third party app requests delegate authorization.
Hey, I've been following along on your tutorial (great work btw, love the content), but I faced an issue once I tried to run the spring boot app: Provider ID must be specified for client registration
Great explanation. The project I am trying to implement need keycloak+oidc with pkce and the format of application is like frontend(angular) & backend microservices. And I am really confused because I followed your video and added the code changes in angular code but the login page requirement is different in my project and so not working at all. We dont have a button for login separately. Instead, on clicking of the application url or login page in browser searchbar, the user should be navigated to keycloak login page automatically. So what additional code changes I should add? Also should I not any keycloak specific integration code like init.ts and guard.ts file, keycloakinitializer in app module etc.? if I am using oidc with pkce? Please provide your email id so that I can contact.
Please note WebSecurityConfigurerAdapter is deprecated and it requires the use of security filter chain.... also keycloak djboss is no longer used in keycloak and that held me down for weeks before seeing the new way of going about it. I would appreciate if that ammendment can be done
This channel is Gold
Dude is the best indian on youtube
I'm so grateful that I've found your channel today ! I'm going to start with maven & watch all your videos on spring etc
I love this men, I have been looking for this since 5 days now thank God you are a blessing to me.... God bless bro
The best explanation of using oauth2 with Keycloak and Spring Security! Very nice!!! Thank you very much.
hey bro did find the solution yet?
Very well done. best explanation of using oauth2 / pkce with angular I have ever seen in an online tutorial.
Keep it up mate!! You are very good at this. Well explained, well structured, very well done
Really well structured online course. Never found the same with others. You're at best, keep it up.
Thank you for the time and effort you put into these videos so that they are that great!
Thankful would be an understatement ❤
This is very in depth video and explains the subject with all options available. you are subject matter expert of this topic!
Only suggestion I have is as its huge topic and you tried to cover it in 1.5 hours, it takes a lot of time( for me almost 5-6 hours) to understand and keep the interest for whole session. You can create playlist for this and add different set of videos with respective names to it so that user will not loose the interest while going through whole content.
There is already a playlist with individual videos, check the playlist section of my channel
@@ProgrammingTechie Sure, Thank you!
Thank you for this. Great material.
Thanks for tutorial , this is what i was looking for !
Amazing tutorial! It explains lots of topics I need to cover. Thanks.
I am fond of your tutorials. Could you make a dedicated tutorial on Spring Boot (2.7.3) with OAuth2 (Authorisation server-0.3.1, Resource server, Client server), JWT and Angular. There is no such tutorial available on CZcams. 🙏
Very well explained. Can you please do a tutorial to set it up on a api-gateway and use JDBC user federation for a custom sign-up and sign-in, also map roles and scopes
I am also expecting Same.
Your tutorial is awesome. Very informative. Thank you very much.
great tutorial. Thank you.
You have done a great job 👏 thank you.
very well, Thank you for the tutorial.
You have done a great job 👏 thank you and 🎩
awesome tutorial
Please note WebSecurityConfigurerAdapter is deprecated and it requires the use of security filter chain.... also keycloak djboss is no longer used in keycloak and that held me down for weeks before seeing the new way of going about it. I would appreciate if that ammendment can be done
Thank you for the tutorial.
Great Stuff!! Thank you!
Really well structured way tutriol related keycloak . but Your voice pitch is so fase.Thank you.
Thanks a lot, great work
Great content
Nice guide, thx
21:30 I get this error after running the project: "Provider ID must be specified for client registration 'oauth2-demo-thymeleaf-client'"
Great and thanks a lot. Could you please make a tutorial to explain how to add SSL to Keycloack especially a self-signed one which we can use in our own server?
I am not really experienced with the Keycloak server administration, so I have no plans to do any videos on this topic in the future
this is the best tutorial on the subject hands down it covers a lot of flows with details.Thank you very much. It is recommended to implement authorization code flow even in a spa+spring boot application? i did so by redirecting the spa initiated login to rest endpoints that triggers the flow and then storing the access token on the client side once the flow finishes, but with the pcke approach it seems simpler.. thanks
Hi
Thanks
Very good
I don't want to create users in keycloak, I want to create them in springboot and then they will be added to the keycloak user page.
Can you help me what should I do?
21:41 although i've done all oauth2 client settings, i'm not being re-directed to keycloak login page. instead i'm able to directly acess home page! Just fyi, from the code downloaded from your repo, in intial branch, there's no SPRING SECURITY DEPENDENCY .. only you asked us to add OAUTH2-CLIENT dependency in POM!
I fixed it by passing only oauth-demo-thymeleaf-client as client id.
Earlier, by mistake i had put the following line - with and all ...
spring.security.oauth2.client.registration.oauth2-demo-thymeleaf-client.client-id=localhost:8080/login/oauth2/code/oauth-demo-thymeleaf-client
appriciating your effort and time. It was a fantastic tutorial. Im using Spring Cloud gateway. If i use client- credentials then i get '401 unauthorized' response. As well as if i mention the properties in the yml file then it is not considering that. Thanks for your teaching!!!
Hi, which keycloak version are you using ?
@@ProgrammingTechie keycloak-14.0.0
@@ProgrammingTechie.The problem was in the spring-boot-starter-oauth2-client dependency. This made my gateway stateful, by sending back a SESSION-Cookie instead of an Access-Token from the authorization server.
Unfortunately i couldn't use the official Spring-Boot-Adapter, provided by Keycloak (www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter) because this Adapter has some web dependencies, and as the spring-cloud-gateway is built on webflux, the web dependencies required by keycloak cannot be used in conjunction.
Keycloak with spring boot with https.
Do you have any tutorials for it?
Hi sir, I'm getting page not found for my keycloak homepage. could you please tell me how to resolve it?
Hello, great course ! I have one question on the pkce section, why does the frontend app need to be refreshed in order to get a call to the rest api (before refresh there is 401) even though we're authenticated & authorized.
A year layer, I am here searching for solution to the same problem. I have used the one of the recent versions( 19.0.3 ), I have the same problem. When I am logged in, the backend requires token for end-points that do not need authorization. It is strange. Have you had any luck with your development?
With regards to the redirect-uri, can we use any uri or is it just that of the client application end-point
how we can add logout functionality. I have logged out but when i am trying to login again then without asking credentials it logged in .
Can You Please Help ?
Great job👍, but why you did not use KeycloakRestTemplate or oauthresttemplate fot rest communications between microservices? This is usefull and will be clear code
Could you please update the video bc for now spring security and keycloak already upgraded. please try ti create new video for this lecture
53:55 the microservice1 is both a client and a resource server? What about the microservice2 then?
seems like its not real life example, who will go and manually create users in console?
Question about user registration, how can I implement a checking on an existing DB or API call before registering the user? Also if this is possible, how can I make it work with spring boot gateway?
what is the password by programming-teachie for login?
Awesome video and explanation 😁 do you have any links for a good course which explains about JWT token with spring security.
Hey can you suggest the similar oidc library for react? Thanks!
how did u generate the initial repo? can you go over it? im confused to to add angular and the other projects to it
You can generate the project under the resources folder, the better way is to create a seperate maven module for frontend projects. You can see how to do that in my CZcams Clone project series part 1
Great job, it's clear you put a lot of effort into this tutorial.
Just one question, have you ever implemented a mobile client login for your own oauth2 keycloak server? I am confused because I see the recommended way is auth code flow with PCKE and this implies redirects, so this would imply using some webview with keycloak login page.
Can it be done with a native interface not loading keycloak login page? I think that password credentials flow can be used but I'm afraid it's not secure as auth code with PKCE.
Not sure how facebook/google app does login to their own server with their apps, just to be clear I'm not discussing about a situation where a third party app requests delegate authorization.
Hey Thank you 🙂
I don't have experience implementing Oauth2 for mobile client, I only implemented it for the SPA. So I cannot help you here ☹️
@@ProgrammingTechie Is this using Auth Code flow? btw Thank you very much for the videos!
54:10 why do we need this jose thing if there is no JavaScript involved in this flow?
JSON (= JavaScript Object Notation) objects are involved
How do i get the tokens from 15:41?
Hey, I've been following along on your tutorial (great work btw, love the content), but I faced an issue once I tried to run the spring boot app: Provider ID must be specified for client registration
Do u have any idea about such an error, I've been racking my brain over it for a while, thanks
70
Give me link Donate, NOWWWW
Great explanation. The project I am trying to implement need keycloak+oidc with pkce and the format of application is like frontend(angular) & backend microservices. And I am really confused because I followed your video and added the code changes in angular code but the login page requirement is different in my project and so not working at all. We dont have a button for login separately. Instead, on clicking of the application url or login page in browser searchbar, the user should be navigated to keycloak login page automatically. So what additional code changes I should add? Also should I not any keycloak specific integration code like init.ts and guard.ts file, keycloakinitializer in app module etc.? if I am using oidc with pkce? Please provide your email id so that I can contact.
Please note WebSecurityConfigurerAdapter is deprecated and it requires the use of security filter chain.... also keycloak djboss is no longer used in keycloak and that held me down for weeks before seeing the new way of going about it. I would appreciate if that ammendment can be done