This class was great! Thank you master!

It is crystal clear. Thank you so much! keep doing such videos.

Because of you @Java techie i passed last semester and on my way to pass this semester. Thanks a lot

@Javatechie

3 жыл бұрын

Glad to hear this 😊

4:16 out of all explanations I've read, this right here is the best

Great session, really I got clarified all the queries in this video, thank you so much!

Thank You, Your explanation is nice, I understood and did a simple OAuth application

Thanks Basant .. For OAuth2 Example.

Basant sir is great helping lot of IT employees

too simple explanation great sir thank you so much

Great great clear explanation! Thank you Boss

Excellent explaination ., Awesome Sir !! Many Thanks !!

No one can explained like this. Great job very clean 👌 I got both theoritical and practical knowledge

if i want to know any concept i always prefer your channel 👍. the way you explain is good, it helps too

@Javatechie

Жыл бұрын

Thank you buddy 🤗

Amazing.. You explanation is to the point.. Like that.. 👍 I hope you upload new video regularly. 💙

@Javatechie

4 жыл бұрын

Thank you Mohammad + Yes will continue upload on every weekend 👍

your content is awesome as always..

Nice explanation. Awesome!

We can also do single sign on / security by passing using spring security right (http basic authentication) from one application to another by skipping actual login page /screen .

Good explanation , thanks

Thank you!

Very nice bro. Splendid job

awesome demonstration sir, , kindly do the same okta with the Spring Boot 3 version , the older version not working properly, all the time got bad requests

Splendid job bro.

Great video Sir 👍👍👍

Thank you😊

Thanks Sir🙂 Helped me to understand. How authorization server generates token and resource server validates the same, could you please explain sir

Nice explanation Sir..keep it up(This is Ranjan Das from Facebook😛)

Nice explanation. Please do signout section as well.

simple awesome

Hi bro , This video is really good about Oauth. Having some doubt on this, In the example we registered the local host app to Git hub as an oauth App and client id and client secret key generated. But in real time example Hacker rank with Git Hub login , Hacker rank registered as oauth app automatically post successful github login . How does it happen internally ? Can you explain the code for that ?

thanks sir

It means each user will add the Clinet application details in their githup profile.... Dynamically how to do sir.. Thanks for ur effort...

Hi @java Techie if possible can u please upload the video for how the Token is generated and what we need to use for encryption and decryption logic in which class need to write and give access.

Hello. Very nice example. I have a question. I can see that the client I'd and secret string is directly configured in the spring boot app and that only helps an individual user to be authenticated by Github authorization server. What happens in a real time production grade project? Do we decouple this sensitive information and store it somewhere else. And what configuration we need to make if we want to access the restful api created in this example to be accessed by any user having valid github credential. I hope there is a way to dynamically use the users client I'd and secret key in the spring boot configuration

@Javatechie

4 жыл бұрын

Hi Prartha, I never tried , let you know soon

@parthanathguitar

4 жыл бұрын

Sure.. I will search for the same as well

Amazing bhai saab😍😍

Hi.. As per the flow diagram after successful authentication only authorization server sends access token right? then how come access token send as cookie in login page before authentication ?

Nice bro

Hy, 'Java Techie' linke Tour explanations. Very clear and understandable. One question: What"s the Authentication-Code? Is this a random Nummer choosen by yourself? Thx, bye.

@Javatechie

4 жыл бұрын

Sorry, not getting you

@smartatwork2344

4 жыл бұрын

@@Javatechie Sorry, wrong typing. I like your Explanation. When you typed in your Authentication, you also typed in a Number in the field Authentication-Code. Where you where getting this number?

@Javatechie

4 жыл бұрын

@@smartatwork2344 I enable two factor authentication so I got OTP to email so am using that number

I have one doubt, In this example we put our clent id and secrt id in our appliaction, which was taken from our git hub, 1)But real time like haker rank we cant put mannually right,?? 2) as per my assumption after validating username and password, doest github gave cleint id and scrt id return back to appliacation after succussfull login?? I have these doubt from so many days?? If in that case what we need to put in our yml file??

Very Good Explanation Basant.. so I guess most of company web applications are using OAuth token security only. Correct?

@Javatechie

4 жыл бұрын

Yes now a days max using it

Can you please do one session on two or more microservices with oauth2

@Javatechie

Жыл бұрын

Yes I will do that.since maximum viewers requested for the same It's in queue

@video 13.32 you mentioned that Access Token is sent from client . Could you please explain how the client generated access token ? Because we had configured only the Client Secret in the yml file.

@sais7065

Жыл бұрын

Same doubt bro

@Javatechie

Жыл бұрын

When I say client it is our application buddy.

Could you guide how to cret a spring boot oauth 2 with keycloak for multitenant?

What is the authorization grant type used, authorization_code or implicit grant?

@Javatechie

4 жыл бұрын

Implicit grant

Your way of teaching is awesome. I need a help, Actually I want to consume the services of Adobe analytics. I have retrieved all the essential data required but I am confused what to put in "security.oauth2.resource.user-info-uri" property. When I start my server then I am able to login but it stuck on that page only. Can you please help!

@Javatechie

3 жыл бұрын

What third part you are using for SSO ? Is it same GitHub ?

@manikantanuj

3 жыл бұрын

@@Javatechie I am trying to fetch the data of Adobe Analytics using API and trying to get it authorized by Oauth2.0. So in Application.properties what should be written under security.oauth2.resource.user-info-uri.

Is it recommended to use in a real time Application I mean there is no secrecy of client id and client secret

@RAJU9622

2 жыл бұрын

No not recommended

How come the access token in the cookie before sign in to the GitHub account...while you were inspecting the elements

@Javatechie

4 жыл бұрын

Sorry didn't get you

What is the need of sending back the access token to github resource server which was given by github itself

@Javatechie

4 жыл бұрын

GitHub authorization server will send access token , how resource server will verify already you authorized it ? That's the reason access token should be 2 way

HI Basant I am getting below error after login ava.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.

Hi sir, Can you please explain one post request through postman how you will pass authentication information in the header.

@Javatechie

8 ай бұрын

Please check my jwt security video

Make video on jwt also ;)

@Javatechie

3 жыл бұрын

Hi sandhya , its already there in my channel here is the link kzread.info/dash/bejne/pHaCscVtqdDKYag.html

Nice video. Can you make a video using LinkedIn?

@Javatechie

3 жыл бұрын

Okay I will try this

i think access token should not deliver by browser which should pass in the backend

Sir please make a video how to create own identity provider

@Javatechie

2 жыл бұрын

Yes we can do that . I will try this

@SmartGaming.1996

2 жыл бұрын

Ok sir please create video as soon as possible because I want to implement it in a practical way

@SmartGaming.1996

2 жыл бұрын

@@Javatechie Sir please make a video how to create own identity provider

I am trying spring version 2.6.1 and even maven update.. i am unable to get resolved, kindly guide should i change to as you mentioned and or go with that. ?

@Javatechie

2 жыл бұрын

What is the error ?

Hi Basant. Spring Boot just got updated to 2.3.4 Inspite of logging out of Github, why is it not asking for the credentials for the next subsequent login when I type the same url on another chrome tab? I dont want to restart the app

@Javatechie

3 жыл бұрын

Wao great update let me check if there is any update

@rexsam3134

3 жыл бұрын

@@Javatechie Yes I found the Tomcat jars are new as compared to the 2.3.3 version

Hi Sir , needed the updated procedure of Spring security with OAuth2,ssince cloud security ,cloud Outh dependencies are not shown under dependencies of spring initializer,sir

another question : why you added client security dependency ? spring security dependecncy will not work ? or we really need any of these dependency to create this application ?

@Javatechie

5 ай бұрын

You need oauth2 client dependency to delegate your security concern to a 3rd party identity provider (GitHub/ Facebook / Gmail etc...)

HI Basant, I really appreciate your effort, i learnt a lot regarding OAuth2, and mostly asked question in the interview. I tried your example, but it is giving me below exception, tried finding out from StackOverFlow, but no luck, Will you please give any hint or help? java.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.

@Javatechie

3 жыл бұрын

Did you add your own access token as I shown in video how to generate

@rishikesharora8681

3 жыл бұрын

@@Javatechie Thanks a lot for your quick response, it has been fixed after watching your comment...Thank a lot again 😍

I tried this one ,successfully run application ,and getting login page but login by giving credentials getting error page "site can not be reached ".in application logs are also fine so not able to check exactly why i am getting error.Could you please guiding me on this.

@Javatechie

4 жыл бұрын

Are you getting GitHub login page right ? If yes then please provide your GitHub credential to login

Can u please do vedio on Jaeger tracing

@Javatechie

4 жыл бұрын

Hi Birru, I never tried this , let me check this

@birruvijaykumar23

4 жыл бұрын

@@Javatechie tq

Great session , but i want same session with Spring MVC , is it possible ?

@Javatechie

Жыл бұрын

Yes possible but need to add more configuration

@pankajgupta3002

Жыл бұрын

@@Javatechie could u please make video for this

@Javatechie

Жыл бұрын

Need to check,just google it once

How do we know if we are using 2 legged or 3 legged ?

How the access token is getting generated by Authorization server and How Resource server is validating whether it is a correct access_token or not!

@Javatechie

4 жыл бұрын

Saroj I inspected the console if you notice while sending request it will send token as part of request header if it is not valid you will get 403 status code else 200 You can also do same just inspect your browser while sending first request

@RAJU9622

2 жыл бұрын

Saroj actually , before launching the page there will be one more call to git hub to give the access token, that access token given by github because application is sending in the request client if and secret , as it’s matching with the git oauth2 credentials so only git hub authenticated and given the access token. If you want to test give wrong secret I will never get back the access token and u r not able to login I will get 403 error as Basant said. Let me know if need more information or anything confusion.

Pls Zoom in your screen. Please explain the yml configuration parameters added Boot 2.4.1 doest have Spring Cloud Security enabled

@rexsam3134

3 жыл бұрын

2.1.4 is no longer supported in STS 4 and gives ClassNotFoundException 2.3.7 gives "message": "Not Found", "documentation_url": "docs.github.com/rest"

Where we can see the user information after token got validated

@Javatechie

4 жыл бұрын

You can't see user information GitHub resource server will send to client based on your permission .

How to do logout? Please explain.

where you get this below url's.- accessTokenUri, userAuthorizationUri, userInfoUri. if i want to the same OAuth authentication for FB or any other authorization portal. where i can get this url's.

@Javatechie

4 жыл бұрын

While registering application into GitHub you will get those information

@shriomtechnology1779

4 жыл бұрын

Thank you very much 😊. Very quick response. Nice explanation 👍

One more question Is OAuth2 is also responsible for authentication !

@Javatechie

4 жыл бұрын

Yes

i am getting this error : error: redirect_uri_mismatch error_description: The redirect_uri MUST match the registered callback URL for this application. Please help, even though done same :/

@Javatechie

2 жыл бұрын

Please validate your callback uri

after giving GitHub login credentials, i got page mentioned - you are redirect to authorised application, if your browser does support, click here, after click it is downloaded not further process failed

@Javatechie

3 жыл бұрын

Can you please share error stack trace

@gauravvishwakarma7772

3 жыл бұрын

@@Javatechie thank u for reply You are being redirected to the authorized application. If your browser does not redirect you back, please click here to continue. after clicking on 'click here' is get downloaded

I am getting a error --- field error in object 'resourceServerProperties' on field 'tokenInfoUri': rejected value [null]; missing.tokenInfoUri.resourceServerProperties.tokenInfoUri Please help me out

@Javatechie

3 жыл бұрын

Please google it .

@sumeetyadav7141

3 жыл бұрын

@@Javatechie not got any solution

Able to login but unable to logout

its Oauth 1 concept not Oauth 2

please remove ur clent id and secret from github repo

Hello, will the information (emails) be stored in local database?

@Javatechie

11 ай бұрын

Yes you can store but what is the usecase