OAuth2 and Google to Protect Your Spring Security and Angular Application

  • Added 11. 09. 2024

Comments • 90

  • @dxgamer5480 7 months ago +1

    This video here saved me! I understand OAuth2 and OpenId Connect but to have it in the Spring Boot way is a lot harder to figure out.
    Thank you so much for these videos!

    • @TheDevWorldbySergioLema 7 months ago +2

      I'm so glad it helped you.
      I've also struggled a lot with this configuration 😅

  • @user-mj1yn4nd8z 3 months ago

    Exactly what I was looking for! Thank you!

  • @bioniccommando2009 6 months ago

    Thank you bro very much. I have seen many videos about oauth2. It is the best

  • @yaserarshad6920 8 months ago +1

    Hi Sergio, This is the ONLY complete example I could find to make a standalone frontend work with spring boot security. Thanks a lot for that. One question - what would be the easiest way to disable security in the development environment so we can develop the back-end without logging in?

    • @TheDevWorldbySergioLema 8 months ago +1

      Thank you so much! The best option is to have Maven profiles and have two Spring Security configurations that load depending on the Maven profile

  • @user-st8fj4bz9i 7 months ago

    This is a great tutorial. Thank you ✌👌

  • @user-ki3rz3xo8h 8 months ago +1

    Thanks a lot keep going

  • @wanggewg 2 months ago +1

    Could you please make a video to demo the BFF pattern (Backend for FrontEnd)? BFF is thought more secure than PKCE flow.

  • @adrian333dev 9 months ago

    Awesome Content 👍

  • @kihel-b4e 1 month ago

    Great Job

  • @chawebinourelhouda807 2 months ago

    Great tutorial! But what if I want to add the option: login with registered infos, how can I integrate it?

    • @TheDevWorldbySergioLema 2 months ago

      I'm not sure I understand your alternative. Having the option to login with email/password OR with Google Login?

  • @muadgra3545 6 months ago

    great content, do you have any video plans about adding a docker deployment for both the frontend and backend?

    • @TheDevWorldbySergioLema 6 months ago

      I have a playlist dedicated to deploying the backend to AWS, using the artifact or a docker image. For the frontend, I deploy it directly to S3, bit.ly/402muTc

  • @anikalee3471 5 months ago

    hi! is the introspection-uri in your source code a placeholder? what should the actual uri be?
    Also, how does this integrate with the JWT tutorial that you've done separately? I'm trying to implement both in the same fullstack app but can't seem to interlink the 2!
    Thank you so much!!

    • @TheDevWorldbySergioLema 5 months ago

      The introspection uri is the real Google API URI, the one you must call to use the authentication requests.
      What do you want to integrate from the other videos? As this one is already a complete authentication system, where you don't need to handle the password.

  • @snakefoxxofekans 2 months ago

    Thanks a lot!

  • @nadetdevfullstack7041 9 months ago

    Excellent

  • @Kpiki.abalo12 2 months ago

    Hi Sergio, thank you very much. I have a question please: what role does the userDto play in the authorization process since you registered no user? In fact in my case I want to authenticate with Google my previously registered users who have name, email, sellerType, address properties in a springboot registration standalone microservice. How can I handle this? Thank you very much in advance.

    • @TheDevWorldbySergioLema 2 months ago

      This DTO is the user's information that comes from Google. You can read some information like the name, email or phone number if the user accepts to share it.

    • @Kpiki.abalo12 2 months ago

      @TheDevWorldbySergioLema ok, so it means that the authentication process with Google has nothing to do with the way my users are registered in my backend registration service. If so, then how does Google know that the user with given email is authorized to access my app?

    • @TheDevWorldbySergioLema 2 months ago +1

      The way I show in this video, I allow all the users of the world with a Google account to log in the application.
      If you want to restrict the access, there are several ways:
      * in the Google client application, configure the emails/users which have access
      * in your application, have a table which lists all the users which have access to your application. Add another filter in Spring Security which checks if the user authenticated with Google is also present in your table.
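
One way to implement the second option from the reply above (an application-side allowlist checked after the Google login), as an added example that is not code from the video or its repository. It assumes Spring Boot 3 with Spring Security's opaque-token resource server, a principal of type `OAuth2AuthenticatedPrincipal` carrying Google's `email` and `email_verified` claims, and a hypothetical `AllowlistFilter` class whose set of emails stands in for the users table.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (not from the video): a valid Google login is not enough,
// the verified email must also be known to this application.
public class AllowlistFilter extends OncePerRequestFilter {
    // Assumption: lower-cased emails loaded from the application's own users table.
    private final Set<String> allowedEmails;

    public AllowlistFilter(Set<String> allowedEmails) {
        this.allowedEmails = Set.copyOf(allowedEmails);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean loggedIn = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        // Requests without a login pass through; the authorization rules handle them.
        if (loggedIn && !isAllowed(auth.getPrincipal())) {
            SecurityContextHolder.clearContext();
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Account not allowed");
            return;
        }
        chain.doFilter(request, response);
    }

    private boolean isAllowed(Object principal) {
        if (!(principal instanceof OAuth2AuthenticatedPrincipal p)) {
            return false; // unknown principal type: fail closed
        }
        String email = p.getAttribute("email");
        Object verified = p.getAttribute("email_verified");
        // Accept the claim as a boolean or as the string "true".
        boolean emailVerified = Boolean.TRUE.equals(verified) || "true".equals(verified);
        return email != null && emailVerified
                && allowedEmails.contains(email.toLowerCase(Locale.ROOT));
    }
}
```

Register it after the bearer-token filter, for example `http.addFilterAfter(new AllowlistFilter(emails), BearerTokenAuthenticationFilter.class)`, so the principal is already resolved when the check runs.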

    • @Kpiki.abalo12 2 months ago

      Ok, it makes sense to me now. Thank you!

  • @sadiulhakim7814 6 months ago

    Nice Video

  • @sanketkalokhe3548 4 months ago

    Can you create an in depth tutorial about oauth2 and how to customize it along with react?

  • @MrThomas0304 5 months ago

    Excellent video - thanks so much.
    How can I get the UserInfo to the client, e.g. if I want to display the user's name?

  • @sanketkalokhe3548 4 months ago

    how did you learn this much brother. Can you tell me which course you referred?

    • @TheDevWorldbySergioLema 4 months ago

      Practicing, practicing, practicing!
      There is no course better than creating small projects by yourself.

  • @user-zi4jy7gp4q 3 months ago

    Does this also work when using Facebook for registration instead of Google?

  • @yaserarshad6920 7 months ago

    Hi Sergio, I am implementing your code in my application. The access token we get from google expires in 1 hour. Do you know how we can get refresh token and use it for subsequent requests? Thanks in advance

    • @TheDevWorldbySergioLema 7 months ago

      I didn't use it, but you have a Refresh Token method in the Google API, cloud.google.com/java/docs/reference/google-api-client/latest/com.google.api.client.googleapis.auth.oauth2.GoogleRefreshTokenRequest.
      Let me know if it works for you!

    • @yaserarshad6920 7 months ago

      Thank you @TheDevWorldbySergioLema

  • @iamdavidtega 8 months ago

    Hi sergio, can you create a tutorial on how to implement an auth filter for your application, how you validate the access token, and lastly how to combine local login and oauth login even with auth filter implementation, thanks

    • @TheDevWorldbySergioLema 8 months ago +2

      Wow! That's a complicated use case. Let me investigate a little bit. Maybe in several videos

  • @creativegiant170 4 months ago

    How would I authorize users tho? I mean how do I register (allow) some other email?

    • @TheDevWorldbySergioLema 4 months ago

      With this solution, any user who has a Google account is authorized to access your application.

  • @vladxd9587 4 months ago

    Hi, can u tell me how to implement logout using your method?

    • @TheDevWorldbySergioLema 4 months ago

      The logout is a little bit more complicated.
      As it consists in a restful application, there is no way to know if the token was deleted from everywhere or not.
      Nevertheless, there are some options that I've described in this article: sergiolema.dev/2023/04/03/3-ways-to-invalidate-a-jwt-token-in-the-backend-side/

    • @vladxd9587 4 months ago

      @TheDevWorldbySergioLema thanks

  • @mdasadalihaidar1920 8 months ago

    hey brother can you make a complete tutorial on spring boot microservices with security that will work with angular as frontend

    • @TheDevWorldbySergioLema 8 months ago

      I've been adding the frontend part (with Angular and React) to my old Spring Boot videos. Now it's time to move to the microservices videos 😉

  • @ultimatestrix4526 3 months ago

    angular httpclientmodule deprecated 😭😭😢😢😢😢

  • @efoamegnito3546 4 months ago

    Thanks for the video
    I would like to implement it in a personal project I have this error please help me
    NG04002: Cannot match any routes. URL Segment: '%5Bobject%20Object%5D'

    • @TheDevWorldbySergioLema 3 months ago

      As described in the following question: stackoverflow.com/questions/72328214/angular-router-outlet-error-cannot-match-any-routes-url-segment
      it seems that you must respect the OAuth2 URL path. You can't use your custom URL segments

    • @efoamegnito3546 3 months ago

      the error occurs after pressing the url that I retrieved from the back-end
      at the frontend component chapter 40:59

    • @efoamegnito3546 3 months ago

      @TheDevWorldbySergioLema the error is in the redirection to google login form

    • @TheDevWorldbySergioLema 3 months ago

      Is the redirect URL configured in Google the same as the one used in your application?
      Do you use the standard URLs or OAuth2?

    • @efoamegnito3546 3 months ago

      @TheDevWorldbySergioLema yes is Oauth2

  • @gustavosoarification 7 months ago

    How can I do this with OAuth2(Google) and JWT?
    (Sorry, my reply isn't showing in the comment)

    • @TheDevWorldbySergioLema 6 months ago

      You mean Google returns a JWT with some information (not just a plain token)?

    • @gustavosoarification 6 months ago

      @TheDevWorldbySergioLema Yes! With some information

    • @TheDevWorldbySergioLema 6 months ago

      I don't know Gustavo.
      Check this OpenID workflow: developers.google.com/identity/openid-connect/openid-connect
      I think you can find something useful.
      Let me know if you figured it out.

    • @gustavosoarification 6 months ago

      @TheDevWorldbySergioLema ok, thank you

  • @pozzleng6328 6 months ago

    brother how to set token expired time ?

    • @TheDevWorldbySergioLema 6 months ago

      I don't think you can control the expiration time. It's managed by Google. I saw in the documentation that the default expiration time is 1 hour.
      If you find more information, let me know.

  • @m3hdim3hdi 7 months ago

    can we use this without webflux? if yes how?

    • @TheDevWorldbySergioLema 7 months ago

      Yes you can use it without Webflux. But you have to use another library to request the Google API (like Retrofit or OkHttp).

  • @gustavosoarification 7 months ago

    How can I do this with JWT?

    • @TheDevWorldbySergioLema 7 months ago

      Only with a JWT? Without an OAuth2 workflow?
      I made a video some time ago which allows an Angular application to login into a Spring Boot backend with a JWT: czcams.com/video/YUqi1IjLX8I/video.html

    • @gustavosoarification 7 months ago

      @TheDevWorldbySergioLema noo, OAuth2 (Google) and JWT

    • @gustavosoarification 7 months ago

      @TheDevWorldbySergioLema
      Noo, OAuth2 (Google) and JWT

  • @zenhsuld 9 months ago

    Thanks a lot. facebook login?

  • @MG-wx8yx 2 months ago

    How much do you sleep per 24h? Your eyes are so white, mine are so red!
    Also, can you do the same tutorial but with Graphql instead of REST? Thanks for the very informative tutorial.

    • @TheDevWorldbySergioLema 2 months ago

      😅 At least 6 hours.
      Graphql is a topic I have in my todo list, but I never found the time to investigate it

  • @darshilshah1767 44 minutes ago

    Would have been better if you would have explained stuff in more detail. Feels like I am wasting my time just looking at you code. I have to google most of the things to understand

    • @TheDevWorldbySergioLema 30 minutes ago

      I'm sorry for that. But I don't understand why some of the custom configurations are needed, so it's harder to explain. Google has some special adaptations of the OAuth2 workflow

  • @parthv6415 4 months ago

    @TheDevWorldbySergioLema
    introspection-uri : what i have to add

    • @TheDevWorldbySergioLema 4 months ago

      It's the Google API URL, the same I've used in the video, www.googleapis.com/

    • @parthv6415 4 months ago

      @TheDevWorldbySergioLema how can I make frontend with only core javascript without any framework or library, that's my university's requirements ... guide me brooo

    • @TheDevWorldbySergioLema 4 months ago

      I don't use any particular dependency in the frontend. I just use the Angular structure.
      With plain javascript, you can have a single HTML page with a piece of code in Javascript where you call the backend as I do in the video.
      The point will be to display different parts of the HTML page depending on the status of the connection (authenticated or not).

  • @ElnazAusArdSkelig 9 months ago

    Thanks a lot! 🇰🇿❤‍🩹