
OAuth2 and OpenID Connect | Authorization Server with Spring Security 1

In this video I will compare the OAuth2 and OpenID Connect authentication protocols. I will implement OpenID Connect with the Spring Security Authorization Server.
This video belongs to the Authorization Server playlist, where I show how to implement an Authorization Server with Spring Security.
Content:
* How the OAuth2 protocol works. What are the components of the OAuth2 protocol.
* What are the differences between OAuth2 and OpenID Connect (OIDC) protocols.
* How to implement the OAuth2 and OpenID Connect protocols with the Authorization Server of Spring Security.
Repository: github.com/ser...
Icons:
* Servers by andriwidodo from NounProject.com
* Palm by REVA from NounProject.com
* Sunglass by alkhalifi_design from NounProject.com
* Pictures by Alice Design from NounProject.com
* Login Credentials by myiconfinder from NounProject.com
* Person by Valerie Lamm from NounProject.com
* Browser by DinosoftLab from NounProject.com

Comments: 122

  • @anoozg9565
    2 years ago

    Awesome content...complex topic covered with such clarity thanks

  • @TheDevWorldbySergioLema
    2 years ago

    Thank you. I try to be as clear as possible. It's difficult without being boring.

  • @subaratatubebd
    1 year ago

    I think it's a master tutorial for understanding spring security oAuth2 concept. Thanks.

  • @TheDevWorldbySergioLema
    1 year ago

    Thanks to you for this message!

  • @samindaperamuna6392
    1 year ago

    Exactly what I wanted. Thank you!

  • @TheDevWorldbySergioLema
    1 year ago

    I love when a plan comes together 😅

  • @wasuvansundararajan6339
    2 years ago

    Extraordinary explanation, great

  • @TheDevWorldbySergioLema
    2 years ago

    Thanks!

  • @MuhammadUsman-jn7yk
    1 year ago

    Such a wonderful content even I have working on keylock but still lot of information

  • @TheDevWorldbySergioLema
    1 year ago

    Thanks. I try my best

  • @cesarpalalia9372
    1 year ago

    Very nice explanation!

  • @TheDevWorldbySergioLema
    1 year ago

    Thank you!

  • @elierescobar7217
    2 years ago

    Hello, very good video. I would like to go deeper into this topic. I'm doing my master's thesis and I have to use OAuth2 anyway. How would the same thing be done if I use microservices and a gateway? How could I ask you several questions? Thanks a lot.

  • @TheDevWorldbySergioLema
    2 years ago

    Thank you for your interest

  • @mustafaali3741
    2 years ago

    @TheDevWorldbySergioLema Yes, please, how would the same thing be done if we use microservices and a gateway? Thanks a lot.

  • @TheDevWorldbySergioLema
    2 years ago

    That's an interesting question. I will try to make a video about this 😉

  • @bykalim
    2 years ago

    Great explanation. Thank you

  • @TheDevWorldbySergioLema
    2 years ago

    I'm doing my best

  • @johncerpa3782
    2 years ago

    Great explanation. Thanks

  • @TheDevWorldbySergioLema
    2 years ago

    Thanks John!

  • @skkar2k2
    1 year ago

    Nice video. I cloned the repo. But the project you are referring to in the video and the one which I cloned look different.

  • @TheDevWorldbySergioLema
    1 year ago

    Check the tag, I use a different tag for each video of the playlist.

  • @TheDevWorldbySergioLema
    1 year ago

    For this video, use the tag chapter_1

  • @SajjadAhmed-lc2dr
    1 year ago

    I'm your fan and subscriber. You nailed this topic, man.

  • @TheDevWorldbySergioLema
    1 year ago

    Thank you!

  • @wayneyu3031
    2 years ago

    Awesome content. Please keep going.

  • @TheDevWorldbySergioLema
    2 years ago

    Thank you. I will try to 😅

  • @treefrog9392
    1 year ago

    I can't figure out how to get the security chain for the resource server to work. mvcMatchers isn't in Spring Security now.

  • @TheDevWorldbySergioLema
    1 year ago

    For the configuration of the new version of Spring Security, you can check how to do it here: kzread.info/dash/bejne/dGWHt9uuaZuuprQ.html

  • @treefrog9392
    1 year ago

    @TheDevWorldbySergioLema Thanks, love how clean your content is. No fluff, just skills!

  • @TheDevWorldbySergioLema
    1 year ago

    Thank you. The cleaner a code is, the easier it is to read and understand

  • @zurumogbonda3225
    1 year ago

    Awesome! Thanks

  • @TheDevWorldbySergioLema
    1 year ago

    You're welcome!

  • @danielvai5117
    1 year ago

    ClientRegistrationRepository and OAuth2AuthorizedClientRepository - Could not autowire. No beans of ' Rep ' type found. Why?

  • @TheDevWorldbySergioLema
    1 year ago

    Maybe you're missing some dependencies, check everything I've used here: github.com/serlesen/authorization-server/blob/chapter_1/backend-client/pom.xml

  • @danielvai5117
    1 year ago

    @TheDevWorldbySergioLema Use in Configuration WebClientConfig:
      import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
      import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
      (and other dependencies..)
    Gradle:
      implementation("org.springframework.boot:spring-boot-starter-oauth2-client:3.0.0")
      implementation("org.springframework.boot:spring-boot-starter-security:3.0.0")
      implementation("org.springframework.boot:spring-boot-starter-web:3.0.0")
      implementation("org.springframework.boot:spring-boot-starter-webflux:3.0.0")
      implementation("org.springframework:spring-webflux:6.0.3")
      implementation("io.projectreactor.netty:reactor-netty:1.1.0")
    I rewrote the code exactly like yours. But the error is still displayed on them .. Otherwise, everything works.

  • @danielvai5117
    1 year ago

    @TheDevWorldbySergioLema I completely cloned your project through git and this error remained)), what is it)

  • @TheDevWorldbySergioLema
    1 year ago

    I just tried the project again now. Everything works well. I see that your dependencies are newer, maybe some imports changed their location. I did not yet test the new version of those dependencies, I can't help you more.

  • @shivanshuverma5981
    1 year ago

    Great explanation. Consider this: I have two client apps registered in the auth server with contexts, say /app1 and /app2. Now when I hit /app1 it redirects me to the login page. When I log in for app1 I don't want to give credentials again for /app2, I want it to automatically authenticate me for app2 as well (and vice versa). How can I achieve this SSO kind of thing?

  • @TheDevWorldbySergioLema
    1 year ago

    I think what you need is an API Gateway. The API Gateway authenticates with the Auth Server when first using it. Then redirects to the client 1 or 2 depending on the context used app1 or app2. May this solve your problem?

  • @maneshipocrates2264
    1 year ago

    Thanks a lot. I was hunting for info on how to combine spring auth, jwt tokens (resource server)? and api-gateway (cloud). Will try to see if it works in my case.

  • @TheDevWorldbySergioLema
    1 year ago

    Hope it works for you

  • @maneshipocrates2264
    1 year ago

    @TheDevWorldbySergioLema Hopefully. But I want to find out whether I can keep my old microservice design, which involves collecting services via a collector service, because I heard you mention in one of the videos that this may not be necessary when using this spring auth server. Say I have services A and B, with service AB kind of a collector. I decide to access endpoints via an API gateway-spring auth server-service AB? Thanks.

  • @TheDevWorldbySergioLema
    1 year ago

    I'm not sure I understand your architecture. What I meant when saying that the collector service is no longer necessary (using an api-gateway instead) is the state of the art. In particular cases, you may need it. You have two approaches: collectorAB -> auth_server -> service A or api_gateway -> auth_server -> service A. You may have a legacy project or a lot of initial logic, so the initial collector service is necessary (the migration to an API gateway may be painful); you must balance the benefits and the cost of the migration. I hope I've clarified your doubts.

  • @maneshipocrates2264
    1 year ago

    @TheDevWorldbySergioLema Thanks a lot. I will see how to organize and maybe drop another question later. Thanks for the great work.

  • @maneshipocrates2264
    1 year ago

    Thanks again. I did use your method but added security to the gateway client and to my resource server (containing many endpoints). Running the code I get the following error: Parameter 0 of method setFilterChains in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.security.oauth2.jwt.JwtDecoder' that could not be found. I was trying to refactor some code written with OAuth2 spring resource server (for authorization), security, JWT etc.

  • @celesty6687
    1 year ago

    Thank you for this tutorial, I followed it step by step, but now I am wondering how you ran them and tested them together! Can someone tell me, please?

  • @TheDevWorldbySergioLema
    1 year ago

    You can download the GitHub project linked in the video's description. You must first start the database (with the command available in the README file), then start the authorization server, and then the client and resource servers. Then add the users in the database as you need.

  • @tarunbhandari9676
    1 year ago

    Sir i am getting this error This application has no explicit mapping for /error, so you are seeing this as a fallback. Tue Dec 20 23:05:26 IST 2022 There was an unexpected error (type=Bad Request, status=999).

  • @TheDevWorldbySergioLema
    1 year ago

    I will need more information to help you

  • @chinmayhegdehere
    29 days ago

    I have cloned the project during the project setup I am getting error at WebClient declaration saying it may not have been initialized same in UserRepository and PasswordEncoder

  • @TheDevWorldbySergioLema
    29 days ago

    Do you have more information?

  • @chinmayhegdehere
    29 days ago

    Yeah, basically it is asking for initialization of the WebClient, UserRepository and Password Encoder variables. If they are initialized to null the error goes away, but when running it'll show this.userRepository is null.

  • @chinmayhegdehere
    29 days ago

    And I also have a doubt regarding editing etc/hosts. We have assigned each service a different port, so won't it redirect properly? What is the actual necessity of creating aliases?

  • @TheDevWorldbySergioLema
    24 days ago

    This seems to be an error in one dependency, so it's cascading to all the other dependencies. Check if there is another error specific to a single dependency.

  • @TheDevWorldbySergioLema
    24 days ago

    The necessity of the alias is because the browser will create cookies for a domain after the sign in is successful. If all the domains are localhost (the port is not taken into account), you're overwriting the cookies from the resources server to the client server.
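The cookie collision described in the reply above, modelled as an added example (not code from the video or its repository): a small cookie store that follows the RFC 6265 rule that a cookie is keyed by domain, path and name, never by port. The client port 8080, the `/start` and `/callback` paths and the session values are assumptions made for the illustration; `JSESSIONID` is the default servlet session cookie name.

```javascript
// Added example: a minimal browser cookie store following RFC 6265.
// A stored cookie is identified by (domain, path, name); the port is not part of the key.
// Hosts, ports, paths and session values are constructed for illustration.

// RFC 6265 section 5.1.4: default path when Set-Cookie carries no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath.startsWith('/')) return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does the request path fall under the cookie path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

class CookieJar {
  constructor() {
    this.cookies = []; // entries: { domain, path, name, value }
  }

  // Store a Set-Cookie header received from `url` (host-only cookies, no Domain attribute).
  setCookie(url, header) {
    const { hostname, pathname } = new URL(url); // hostname excludes the port
    const [pair, ...attrs] = header.split(';').map((part) => part.trim());
    const eq = pair.indexOf('=');
    const cookie = {
      domain: hostname,
      path: defaultPath(pathname),
      name: pair.slice(0, eq),
      value: pair.slice(eq + 1),
    };
    for (const attr of attrs) {
      const [key, val] = attr.split('=');
      if (key.toLowerCase() === 'path' && val && val.startsWith('/')) cookie.path = val;
    }
    // Same (domain, path, name) replaces the old entry, whatever port it came from.
    this.cookies = this.cookies.filter(
      (c) => !(c.domain === cookie.domain && c.path === cookie.path && c.name === cookie.name),
    );
    this.cookies.push(cookie);
  }

  // Cookie header the browser would attach to a request for `url`.
  cookieHeader(url) {
    const { hostname, pathname } = new URL(url);
    return this.cookies
      .filter((c) => c.domain === hostname && pathMatches(pathname, c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Replays the redirects of an authorization-code login and returns the Cookie
// header the client application receives on its callback.
function cookiesAtClientCallback({ client, auth, clientCookie = 'JSESSIONID', authCookie = 'JSESSIONID' }) {
  const jar = new CookieJar();
  // 1. The client app opens a session that remembers the pending authorization request.
  jar.setCookie(`http://${client}/start`, `${clientCookie}=client-session; Path=/; HttpOnly`);
  // 2. The browser is redirected to the authorization server, which opens its own login session.
  jar.setCookie(`http://${auth}/login`, `${authCookie}=auth-session; Path=/; HttpOnly`);
  // 3. After sign-in the browser is redirected back to the client with the code.
  return jar.cookieHeader(`http://${client}/callback?code=constructed`);
}

const sameHost = cookiesAtClientCallback({ client: 'localhost:8080', auth: 'localhost:8081' });
const aliases = cookiesAtClientCallback({ client: 'backend-client:8080', auth: 'backend-auth:8081' });
const renamed = cookiesAtClientCallback({
  client: 'localhost:8080',
  auth: 'localhost:8081',
  clientCookie: 'CLIENTSESSION',
  authCookie: 'AUTHSESSION',
});

console.log('localhost, default names:', sameHost);
console.log('host aliases            :', aliases);
console.log('localhost, renamed      :', renamed);
```

With both applications on `localhost` the client's callback arrives carrying the authorization server's session id, so whatever the client stored in its own session is unreachable. Renaming the cookies avoids the overwrite, but the browser still sends each application's session cookie to the other, which is why separate host names are the cleaner fix.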

  • @songbaiyin7830
    1 year ago

    Hello brother, may I ask you a question? Why do we need two clients here, what are their difference and if I just want to access the protected resource server with some token, can I configure just one client. Especially I don't understand why we need the message-client-oidc here.

  • @TheDevWorldbySergioLema
    1 year ago

    Hello. In this video I've created one client server (backend-client), one authorization server (backend-auth) and one resources server (backend-resources). In the client server I've configured two ways to register with the authorization server: with OAuth2 and with OIDC. When the OAuth2 authentication finishes, it requests the OIDC scope. OIDC is a layer on top of OAuth2. This means that it takes advantage of OAuth2 to get all the information and tokens necessary without requiring the user to enter the credentials again. I hope it's clear enough. In this introduction, you can read a little bit more about OIDC: openid.net/specs/openid-connect-core-1_0.html#Introduction.

  • @andrii_popov
    2 years ago

    It feels natural that client should be a JS app, some SPA app, is it possible to do? client - react app, resource - spring app, authorization - spring app. If possible, what is the flow at the client side?

  • @TheDevWorldbySergioLema
    2 years ago

    I've made a video some time ago where I implement the OAuth2 for a backend application and consumed by a separated frontend application (in React). You can check here the workflow, kzread.info/dash/bejne/aZuLxbKQmJi9hrw.html

  • @balajin226
    1 year ago

    Nice Video. I saw many written doc, But I found your video latest one for Authorization server. Thank You. Shall you please Make video or comment about why, when to use OAUTH2 client, OAUTH2 Server, OAUTH2 SDK ?. Google , Git hub , OKTA credential login authenticate with OAUTH2 client is enough ? Need a authorization server ?

  • @TheDevWorldbySergioLema
    1 year ago

    In fact, you shouldn't need to create an authorization server, there are plenty already available (Google, Facebook, GitHub...). You may need to create your own Authorization Server if you're building an SSO (Single Sign On) system for multiple services. The libraries to use are: OAuth2 client to connect to any OAuth2 credentials provider; OAuth2 Server to create your own Authorization Server; OAuth2 SDK, I'm not sure which library this one is.

  • @manojr03
    2 years ago

    Good one.

  • @TheDevWorldbySergioLema
    2 years ago

    Thank you!

  • @gustavotorresrodriguez2483
    1 year ago

    Hi Sergio, I'm writing to you because I followed your tutorial step by step, but at minute 23:28 of the tutorial, when you tried to access the client, the result should be a redirect to the login page of the backend-auth server, but in my case I got the following error message: "There was an unexpected error (type=Bad Request, status=400). [invalid_request] OAuth 2.0 Parameter: redirect_uri" I checked and I can see I have the exact same code. I tried to resolve this issue myself but I couldn't find an answer about this error. Can you please help me to resolve it? Thanks & Regards

  • @TheDevWorldbySergioLema
    1 year ago

    Hi Gustavo, thank you for following me and for your interest in my work. Are you sure that the URI of your backend-client is correctly added in your backend-auth? (Checking the HTTP response of backend-auth, you can find the exact URI needed.) On the other hand, as I indicate in the video, be sure to use aliases for the three backends when working on your localhost (add some redirections in your /etc/hosts), otherwise backend-auth will think it's its own URI and not the URI of backend-client.

  • @shraddhanahar1998
    1 year ago

    Is it possible to give two applications same client id? or will have to register both applications independently?

  • @TheDevWorldbySergioLema
    1 year ago

    You can have two applications using the same client_id. Technically, there is no problem. If you have two instances of the same application running in parallel, they must use the same client_id. If you have two similar applications that have different behavior, you should use the same realm but different clients. If you have two applications with different users and different behavior, you should use different realms and different clients. But as said, technically, you can do whatever you want. It's just a matter of organization and security.

  • @rajivkumar-ub6uj
    1 year ago

    Can you extend this spring authorisation server uses federated authorisation I.e: social login

  • @TheDevWorldbySergioLema
    1 year ago

    I think yes, never tried. If you try it before me, I will be happy to have your feedback

  • @SuperMati2011
    1 year ago

    Great work! Is there a way to get the Authorization code via REST request sending username and password in a body or headers?

  • @TheDevWorldbySergioLema
    1 year ago

    Thanks! It will depend on the authorization server used, Github, Google, Facebook, Keycloak... Each one will have a different login page and different endpoints to receive the data.

  • @user-df9lg3og6z
    1 year ago

    How did you get the value for clientSecret? Or can it be encrypted by any encoder?

  • @TheDevWorldbySergioLema
    1 year ago

    I've generated the client secret by myself. It was encrypted in the authorization server with BCrypt, but you can find the raw value in the client server.

  • @sinseyha381
    1 year ago

    Could you make a new VDO about Openid connect for authenticate LDAP ?

  • @TheDevWorldbySergioLema
    1 year ago

    Yes, this could be a good topic. I will work on it

  • @davidev5238
    1 year ago

    I find this way of setting up the Spring authorization server very fancy in this video, but I encountered a lot of bugs trying to reproduce the exact code. In the Backend-auth project, in the UserAuthenticationConverter of the Config package, the editor complains that the method getPassword() is undefined in the UserDto, so I created the getter for the password field inside UserDto and the error was gone. But when building the Backend-auth project, the build failed with three errors. These are the errors:

    1 - Caused by: org.springframework.beans.factory.beanCreationException: error creating bean with name 'EntityManagerFactory' defined in classPath resource org/springframework/boot/autoConfigure/orm/jpa/HibernateJpaConfiguration.class
    2 - Caused by: org.hibernate.service.spi.ServiceException: Unable to create requested service org.hibernate.engine.jdbc.env.spi.JdbcEnvironnement
    3 - Caused by: org.hibernate.hibernateException: Access to DialectResolutionInfo cannot be null when 'hibernate.dialect' not set

    I also want to add that I created a docker volume for the 'authdb' postgres database and created the 'auth-usr' with the 'pwd' password as well, but when I try '\dt' to show the created 'auth_user' table, the console says there is no relation. Also I realized that the schema.sql is not called from the datasource of the application.yml of the Backend-auth project, why shouldn't it be? I think that's where the errors come from, but I'm not sure. I just want to know what I'm missing, since I found this video meaningful. Thanks in advance!

  • @TheDevWorldbySergioLema
    1 year ago

    First of all, thanks for watching the video. About the getters you're missing, you may also be missing the Lombok dependency, which builds the getters, setters, constructors and more. About the Dialect not found, I've added the Postgres dependency at the beginning of the video to the backend-auth project. And about the schema.sql, you're right, it's never called from the service at startup. I prefer to run it manually, it avoids running it twice when I already have some data in the database. The other errors seem to be related to the Postgres library which is missing. I hope you can solve the problems now.

  • @davidev5238
    1 year ago

    You are right, I updated my macos system recently and haven’t reinstalled the lombok. I do it right now and the errors left. Thank u again, you are just like a genius.

  • @TheDevWorldbySergioLema
    1 year ago

    Glad it works now!

  • @javajavelin1
    10 months ago

    @davidev5238 Why do you need to install lombok? Isn't it enough to include it as a dependency in the project you're working on and use the right annotations on the class to generate getters and setters?

  • @anahitakarimi9872
    1 year ago

    Hello, I have problem during build of backend-client module, I have got "UnsatisfiedDependencyException" during compiling webClient at message controller, Is there anyone who can help me?

  • @TheDevWorldbySergioLema
    1 year ago

    Have you the same dependencies in the pom.xml as in the video? Have you all the annotations and packages scan to allow all the beans being detected? Check the Github repository for more help, github.com/serlesen/authorization-server/tree/chapter_1

  • @anahitakarimi9872
    1 year ago

    @TheDevWorldbySergioLema Yes, I cloned the code from the GitHub address you mentioned.

  • @TheDevWorldbySergioLema
    1 year ago

    The client requires the authorization server to be UP, as it needs it to validate its requests.

  • @anahitakarimi9872
    1 year ago

    @TheDevWorldbySergioLema Here, authorization server means the "backend-auth" module, am I right? Or is there another step to validate the request?

  • @TheDevWorldbySergioLema
    1 year ago

    Yes, it's the module named backend-auth. No, the requests to backend-client only need backend-auth to be UP.

  • @alison8529
    2 years ago

    Awesome

  • @TheDevWorldbySergioLema
    2 years ago

    Thanks Alison!

  • @danjanuspineda4330
    2 years ago

    Hey man can you create a tutorial about Spring ACL its kinda hard topic for someone exploring authentication/authorization thankss love your content

  • @TheDevWorldbySergioLema
    2 years ago

    I've already done something with the roles, kzread.info/dash/bejne/jHaZ29ttgZbUedo.html

  • @danjanuspineda4330
    2 years ago

    Yes, that's the one I followed for my application backend and it's really efficient. How about ACL, do you think we really need it?

  • @danjanuspineda4330
    2 years ago

    Somehow it's very complex to implement.

  • @danjanuspineda4330
    2 years ago

    And it's like cover policies in model or entity, if it should be updated or just read by users.

  • @TheDevWorldbySergioLema
    2 years ago

    It will depend on your application. If it needs a fine tune authorization. But I think it's very important. You can even have roles and permissions. Permissions attached to methods (read images, write images, read users, write users...) and roles attached to users (customer, reseller, admin, b2b...), then combine the permissions on the roles.

  • @rydmerlin
    1 year ago

    Spring Security needs a DSL to make this more intuitive because programmatically it’s very obtuse.

  • @TheDevWorldbySergioLema
    1 year ago

    Which part are you talking about? For the auth server?

  • @himmelsdj3205
    1 year ago

    Thanks

  • @TheDevWorldbySergioLema
    1 year ago

    Thanks to you for following me

  • @himmelsdj3205
    1 year ago

    @TheDevWorldbySergioLema Yeah, a clean job like this deserves appreciation, especially on a critical matter such as application security, while Spring is renewing its wings about it. Thanks again for the time.

  • @davidev5238
    1 year ago

    In the application.yml of the backend-client service, you set 'client-id': 'messages-client' and 'client-secret': secret. But in the securityConfig file of the backend-auth service you set in RegisteredClientRepository .clientId('messages-client').clientSecret('AnEncryptedPAssword'). I just want to ask which encrypted password was used there inside the .clientSecret(). I ask this because the backend-client project failed on build saying that it cannot create Bean with name 'messagesController', and after checking, it appeared to me that backend-client failed to reach the backend-resources endpoint because it's still unauthorized. So which password should I put in the .clientSecret()? The one in the data.sql or that of auth_usr? I tried all that and it's still unauthorized. I just can't figure out with which credentials the backend-client is finally authorized in the video. Thanks for the clarification.

  • @TheDevWorldbySergioLema
    1 year ago

    Hi, in fact, it's the same secret. But as in backend-auth I have a PasswordEncoder, the client-secret is encrypted by default (I use BCrypt). If you prefer to use a plain secret, remove the PasswordEncoder in backend-auth. To obtain the encoded secret, I've created a UnitTest where I encode any string to obtain its encoded value, then use it in the RegisteredClientRepository. I hope it's clear enough.

  • @TheDevWorldbySergioLema
    1 year ago

    Maybe it's a typo, I see you use backend-Auth and backend-auth (with upper case and lower case). Did you try to solve this?

  • @davidev5238
    1 year ago

    No, there is no such typo in the actual code. I tried all I could to run the backend-client but to no avail. I even tried to edit the /private /etc/hosts file in my local system to avoid access denied, but that also doesn't fix it.

  • @TheDevWorldbySergioLema
    1 year ago

    You said that you edited your /etc/hosts to avoid access denied. This file must have root privileges but read access for everyone. In this file you must have 3 aliases pointing to localhost. Did you try those aliases individually? On the other hand, are you sure you're using the correct grant type and scope on the backend-auth and backend-client? One last point, the backend-auth must be started before backend-client (in case you're starting both at the same time or in the reverse order).

  • @davidev5238
    1 year ago

    Yeah yeah, my bad, that was it. I wrongly edited the hosts file, and wasted a whole week on that. Now it is working. Thank you very much. My next step is to add roles to the authentication system using the approach in this video.

  • @user-iu6yz6ck6h
    2 years ago

    Super )

  • @TheDevWorldbySergioLema
    2 years ago

    Thank you!

  • @user-ct9im5lk8k
    2 years ago

    Did anybody try to use authorization server and angular app as oauth2 client?

  • @TheDevWorldbySergioLema
    2 years ago

    I've tried to consume the application with a React frontend, but never with an Angular frontend.

  • @himmelsdj3205
    1 year ago

    Angular is a client side framework, and so it is a consumer just like React, there is no difference if you are good at Angular Interceptors, you can intercept token from headers and map requests' payload just like you wish.

  • @user-ct9im5lk8k
    1 year ago

    @himmelsdj3205 Thanks for the reply. I've already solved it by using the oidc module for Angular.

  • @eugenek8372
    1 year ago

    Could you provide more detailed documentation on how to set up the KeyCloak service? After launching the project I got the error: Unable to resolve Configuration with the provided Issuer of "backend-keycloak-auth:8080/auth/realms/my_realm"

  • @TheDevWorldbySergioLema
    1 year ago

    I've added the alias in the file /etc/hosts. All is described in the README file of the repository

  • @eugenek8372
    1 year ago

    Try to delete containers backend-keycloak-auth, and launch again, probably you will have the same issue.

  • @eugenek8372
    1 year ago

    I just added my_realm in Keycloak, now it works. Thanks.

  • @TheDevWorldbySergioLema
    1 year ago

    Oh it was the keycloak configuration which was missing. Glad you fixed it

  • @user-ee7hs4ti9c
    1 year ago

    First of all, thank you for your video. I benefited a lot from it. In the process of learning, I ran into a question which I would like to ask you. The auth and resource services are normal, backend-auth:8081 can be accessed normally, but clientId reported the following error when starting, thank you boss: Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "backend-auth:8081"

  • @user-ee7hs4ti9c
    1 year ago

    Solved, thank you.

  • @TheDevWorldbySergioLema
    1 year ago

    Thanks to you for following me. Did you add the provider configuration in your client? github.com/serlesen/authorization-server/blob/chapter_1/backend-client/src/main/resources/application.yml