Such a great video. Thank you! A lot of people would like to see how to implement oauth2 with a logic jwt, once you singed in with a google, front get the jwt token and invoke any methods with the jwt token. That is means logic with the jwt token will be not changed, but we added google oauth2. None of youtube videos about this issue…
Quick question: My app uses the /register route for registering users and requires following fields: name; dob; email; password; weight; goal; In one of your other videos You have for the /register fields only email and password. How would the registering with google work, if I need not only email and password information, but also other information about the user and stroing that in a database
Awesome video on OAuth 2.0 implementation using social logins. I never thought that this would be so much easier, but I think you made it easy to understand for beginners to experienced and seniors as well. Your contribution is very much valuable and I hope you get more and more support in terms of Subscription + likes + shares + comments.
Great video, thank you so much. How about Android applications? Where should I make configuration of Oauth2 in this case? In android application or as you have shown in Rest API ?
@@BoualiAli In this session you explained very clearly and in depth about the oauth2 concepts and with an example of social login providers like google, facebook and github. What we are asking is, implemention of oauth2 using spring security without any external providers. At the high level 1. One spring boot application (Act as a authorization server) - This application is responsible for validating the user credentials, generating the token (JWT or JDBC) and validating the token. Hence user details needed to be stored in our database not in third party providers. 2. Another spring boot application (Act as a resource server) - This application may contains both secured and public endpoints. if user try to access the secured endpoints the request must be validated by our Authorization server application (We are sending the token as bearer in header). If a particular request is valid then we can access the secured endpoints otherwise un authorized. Hope i answered your question...
Thank you for sharing. I have som questions: after I login by gmail successfully, How can I use the credentials to access other services in microservices? Do I need create new access token to return to frontend? how to generate access token after login successfully?
Thanks. There is one more fantastic tutorial. Get a clear-cut idea of how it works flow-wise and implementation-wise. Can you help or provide some idea how to implement social media login with JWT
Can I use this dependency spring-boot-starter-oauth2-client for application with React client? Or It's just for requests from resource server and I need to use spring-boot-starter-oauth2-resource-server to interact with React client in that case? I will be happy to hear about it)) Thanks for the video)
Nice video. But what if I have a custom token using Auth0, and I want to limit or bind oauth2 login page response to only a specific endpoint? I tried something like that using Spring Security 6.3.0, and I couldn't figure it out yet. /login to my custom JWT and /OAuth2 to be the receptor of the Google login page. When I used oauth2Login, the login page responds even in non-existent endpoints
Thank you so much, i've learned a lot from you, may the Almighty reward you ! The next thing i would like to learn from you is microservice and ci/cd approach.
🤩 Video is awesome. i have few questions. ✋ What if our application uses all type of Auth. Email Password, Google, Facebook and Apple? and we also want to use the JWT for client & server communication? ✋ What about the mobile apps front end side to authenticate, mobile apps have different behaviour in Apple Authentication? 🤌 Please make a video for these requirements. i really want to learn all of these.🤌
Thanks always for your easy to understand videos. Quick question: I already have the jwt token authentication where a user signs up and the details are stored on my database, now i want to include the oauth2 authentication, where the user has an option to click on a sign in from google button. Would these two auth mechanisms be configured in thesame bean or they would have seperate beans for each? Also can I read the info of the user from google and save on my db? thanks in anticipation.
I liked the video and the explanation. Question: How can we control the user wether he's authorized to get ressource or not using the social auth. providers (school case: admin has full access and normal user have standard access) ? Thanks for responding.
This role base auth, You can save the user info locally and based on that you can assign him a role. You can also use your own oauth 2 server like keycloack and there you can assign roles
Dear, I have gone through so many videos from paid courses as well but really didn't see any such tutorial. You really explained and demonstrated so easily. Salute to you. Keep it up. Thank you so much for such informative video.
thanks a lot ! this was very helpful but I have a couple of question, how can you use a custom login form for OAuth2 and how can you combine OAuth2 and JWT mechanism ? Thanks a lot in advance
Hello @BoualiAli, I've been following your channel for while and i must say, you have one of the best springboot content on UA-cam. Well done. That being said, I have a question and I'd really appreciate your prompt response. How do I implement OAuth (in my case, Google and Facebook) together with traditional user login (username and password authentication)?
Great video Ali. But I don't understand something, we say that resource server is our backend app, the client (the one who wants access to the resource uri) is the browser, and authorization server is GitHub. But what exactly is the role of the application we created in github? Why we had to create this app and what is the relation with this app and our spring boot backend app? Also I didn't quite catch the clientId- secretId role. Thanks
I must say Awesome and you cleared all my problems you deserve the all likes ,subscriptions and shares and reach the great heights in the future so coming to the point will you explain how to stay update of the technologies and for every 6 months spring team changing the methods and a lot so my question is how are you able to stay update with that if you don't mind will you explain this please brother
Nice video !! can you create a video about web security . a kind of road map or best practises a devloper can follow to make a safe application from different type of attacks
I have to add this in my existing project , so when I add the dependency for oauth resource server in my Pom file it shows not found. Can you tell me how can I add ?
Is it possible to build a service to support multiple external authorization services and then the service itself acts as an authorization service so that there is always only one auth server for the multiple oAuth clients?
when i using google provider. why does it show me "[invalid_id_token] An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims: {iat=date}" ?
Thanks for this video. If its for the first time that client is visiting this endpoint and needs to have a user account, can we create a user account with OAuth2 login? And if so, how to do that?
The user should create an account on (Github, facebook, ...) and the use it. Your application should not really care about that. It is totally up to the client to do that
@BoualiAli Thank you for this great video. I want to ask that is there a way this can be used to the app itself(Like the JWT) without going to the third-party app like facebook or github? Please tell me how.
The Oauth 2 is jwt based auth too. But the users are not stored on your side but on the auth provider side. I will create soon a video about keycloak and you will understand the oauth2 process much better
Hello Ali. Thanks for this video. But I have a question. I want to take google users info for example mail, name, surname etc. after this part. How can I do this?
wonderful video. Best teacher for spring boot. @Bouali Ali could you please make video for gateway + authentication-service(jwt) + other+services. means the user will ask other services through gateway. but gateway will allow or block the request by valider the token from authentication-service i use RestTemplate inside gateway to request authentication-service, but it does not work.
Hello i have register login with jwt now i want to add also social login can i make the user login and generate for him jwt token after successful login? and in the db what do i save if i dont have password since social login doesnt require pw hope you help and thanks.
When I creating app in google cloud, it asking redirect-uri. It should end with login/oauth2/code/google and for github it should end with login/oauth2/code/github
@@BoualiAli yes, also google server send a token to this uri. And for normal recieve this token by spring ouath2 module, it should come exactly to the login/oauth2/code/google uri
Hi @khalilbouali3480, thank you so much for your answer! I really appreciate your help and guidance. Your explanation was clear and easy to understand. I'm grateful for your support. Thanks again!
How can i make so that a frontend application can access the authorized backend data? I.e we authorize through backend login but then show this data in our front end?
@@BoualiAli so for example I have a end point @3000 for front end and auth page @8000 local host I redirect and login. It gets authorized for me but not the front end point @3000 I'm not sure if I'm explaining it that great and there may be a gap in my knowledge but that's the issue I'm facing
is there any difference between making spring boot project on spring initializr website and doing that inside intellij? In intellij we can also use spring initializr
in oauth 2.0 open id can we use along with jwt token or is it must be a seperate? so if we might be use jwt + oauth2.0 there is must be another configuration? can you refer me? thank you in advance
Hello. Thanks for the video. I clone this project in my intellij and, with my google account, request loop on google oauth authentication and never give the controller answer "Hell OAuth2". It's a problem of ... something but what ? console app config ?.
Hi @Bouali Ali, this video is so informative and well explained each and every step, Thank you for making this video. Could you please make a video where linkedin and twitter used as social login platform instead of github and google that can be very useful for us. Please make a video on this topic, request from your subscriber
can we use oauth2 with authorization code grant type with native mobile app if yes should it make sense that mobile app redirect us to the authorization server login page?
Do you know how to secure resource server with these two auth providers? Concretely, how to enable client to choose which one provider he wants to use to login and get data from resource server?
@@BoualiAli I have 3 separated projects: client , authorization server and resource server. To explain a bit better that architecture in real use-case, resource server is like backend app, client is some front app, and authorization server is to authenticate and authorize end user. To enable client to get data from resource server user has to login via auth server. Have you ever tried to implement authorization with multiple auth providers (like Github or Google or custom authorization server in my case)?
@@pad5724 i will make a video on how to implement front end and backend using oauth 2.0 In the frontend you will be able to choose which provider to use to login…
Hi @BoualiAli, I need some guidance on implementing the below scenario - Assume there are 4 controllers in the application currently and there will be new controllers added in future. Each service may have multiple operations - read, edit, create, delete. I want read to be provided to specific role. Also, assume there are 3 roles now - Admin, manager and user. There will be additional roles that will be created in future. I want to define Role, Service and operation in DB table. Based on this combination the authorization should be provided to users. User will have a Role Role will have Service.operation Can you please suggest me the best approach to implement this requirement.
when i try to call the api from postman with access token it returns me the google login page (I have used google to login, when i used in browser it works fine ), can you help me with this issue
When using postman, in the auth tab, select oauth2 and then you need to configure the connection and then it will generate the token and you will be able to use to query the backend
@@BoualiAli I try doing with your suggestion, but I can't use the gererate token to cal my API. It's always return github login page. Please help me explain about that. Thanks
![Spring boot 3.0 - Secure your API with JWT Token [2023]](http://i.ytimg.com/vi/BVdQ3iuovg0/mqdefault.jpg)
![Spring boot 3.0 - Secure your API with JWT Token [2023]](/img/tr.png)
Join the Micro Services course waiting list and get and get an exclusive *EARLY-BIRD discount*
aliboucoding.ck.page/d0f9317e13
i will buy your course if it using security for each service and using angular or reactjs for frontend
@BoualiAli could you please share the information of follow up video for custom Authorization
Wow, what an incredibly helpful video on Spring Boot! 🌱👍 I really appreciate the clear explanations and step-by-step instructions provided.
Thank you Ali I really appreciate you very much, stay blessed and God help you in all your endeavors. To find ones withh such a heart is rare
Thank you so much brother
JZK ❤️❤️
Such a great video. Thank you! A lot of people would like to see how to implement oauth2 with a logic jwt, once you singed in with a google, front get the jwt token and invoke any methods with the jwt token. That is means logic with the jwt token will be not changed, but we added google oauth2. None of youtube videos about this issue…
I really have this video idea on my todo list. it is just a matter of time and it will be done ASAP
@@BoualiAli Any update regarding this topic so far? Would be intersting to see it in combination with angular.
Great Video. It would be cool to see how the workflow looks when it is combined with a usual JWT Token authenticated with credentials.
Working on it already
@@BoualiAli Btw. what is the theme you are using?
@@zabialy2919 it is the default theme of the new version of intellij
Quick question:
My app uses the /register route for registering users and requires following fields:
name;
dob;
email;
password;
weight;
goal;
In one of your other videos You have for the /register fields only email and password.
How would the registering with google work, if I need not only email and password information, but also other information about the user and stroing that in a database
You request them as scopes and you will receive them in the token
Awesome video on OAuth 2.0 implementation using social logins. I never thought that this would be so much easier, but I think you made it easy to understand for beginners to experienced and seniors as well. Your contribution is very much valuable and I hope you get more and more support in terms of Subscription + likes + shares + comments.
Great to hear!
Great video, thank you so much. How about Android applications? Where should I make configuration of Oauth2 in this case? In android application or as you have shown in Rest API ?
Great content, can you please guide us on using JWT oauth2 in the combination of Authorisation server and resource server
This is what the video is about.authorization and resource server.
Can you explain more?
exactly
@@BoualiAli In this session you explained very clearly and in depth about the oauth2 concepts and with an example of social login providers like google, facebook and github. What we are asking is, implemention of oauth2 using spring security without any external providers. At the high level
1. One spring boot application (Act as a authorization server) - This application is responsible for validating the user credentials, generating the token (JWT or JDBC) and validating the token. Hence user details needed to be stored in our database not in third party providers.
2. Another spring boot application (Act as a resource server) - This application may contains both secured and public endpoints. if user try to access the secured endpoints the request must be validated by our Authorization server application (We are sending the token as bearer in header). If a particular request is valid then we can access the secured endpoints otherwise un authorized. Hope i answered your question...
@@vageeshanvageesh5583 now it’s clear
I will take note of that and prepare a course about it
@@BoualiAli Thank you so much man, Im trying to implement this from past months but no luck, If you have some time please guide us on this.
Thanks for the video.
Do you have any plans to make video about using both jwt token authentication and identity provider (oauth2) together ?
keycloak video is coming next week
this video is so simply for every one to understand..can you make more videos on this?
Really happy you liked it
Sure I will
Thank you for sharing. I have som questions: after I login by gmail successfully, How can I use the credentials to access other services in microservices? Do I need create new access token to return to frontend? how to generate access token after login successfully?
Hi ali , appreciate your support .. can you update the method for the new spring security and adding it for jwt security ?
Thank you
Updated
@@BoualiAli
In which video please ?😅
@@kareemmosafi2117 check the spring security playlist
Thanks. There is one more fantastic tutorial. Get a clear-cut idea of how it works flow-wise and implementation-wise. Can you help or provide some idea how to implement social media login with JWT
I will try to cover it ASAP
Can I use this dependency spring-boot-starter-oauth2-client for application with React client? Or It's just for requests from resource server and I need to use spring-boot-starter-oauth2-resource-server to interact with React client in that case? I will be happy to hear about it)) Thanks for the video)
Nice video. But what if I have a custom token using Auth0, and I want to limit or bind oauth2 login page response to only a specific endpoint?
I tried something like that using Spring Security 6.3.0, and I couldn't figure it out yet.
/login to my custom JWT and /OAuth2 to be the receptor of the Google login page.
When I used oauth2Login, the login page responds even in non-existent endpoints
Thanks buddy and i like how your doing real solutions example which someone can apply to their personal project Next maybe we should host this app now
Really happy you liked it
@@BoualiAli when can we expect the combined oauth and jwt authentication??
you are really awesome..Thank you for this valuable session..
Glad you think so!
Thank you. Very userful for beginners.
Happy you liked it
Thank you so much, i've learned a lot from you, may the Almighty reward you !
The next thing i would like to learn from you is microservice and ci/cd approach.
I’m preparing a good thing about microservices
Just still need some time to make it done ✅
🤩 Video is awesome. i have few questions.
✋ What if our application uses all type of Auth. Email Password, Google, Facebook and Apple? and we also want to use the JWT for client & server communication?
✋ What about the mobile apps front end side to authenticate, mobile apps have different behaviour in Apple Authentication?
🤌 Please make a video for these requirements. i really want to learn all of these.🤌
I already planned this video but I just can't find enough time to do it.
But I will so soon
Thanks always for your easy to understand videos.
Quick question: I already have the jwt token authentication where a user signs up and the details are stored on my database, now i want to include the oauth2 authentication, where the user has an option to click on a sign in from google button. Would these two auth mechanisms be configured in thesame bean or they would have seperate beans for each? Also can I read the info of the user from google and save on my db?
thanks in anticipation.
You can have them both together.
I’m working on a course that covers this two options with an angular frontend
@@BoualiAli thanks a lot for responding. awaiting the course.
@@BoualiAli would love to see this in Angular implementation too.
Thank you so much
your video helped me alot.
You're welcome!
I liked the video and the explanation.
Question: How can we control the user wether he's authorized to get ressource or not using the social auth. providers (school case: admin has full access and normal user have standard access) ?
Thanks for responding.
This role base auth,
You can save the user info locally and based on that you can assign him a role.
You can also use your own oauth 2 server like keycloack and there you can assign roles
9:41 amazing diagram to understand.
Dear, I have gone through so many videos from paid courses as well but really didn't see any such tutorial. You really explained and demonstrated so easily. Salute to you. Keep it up.
Thank you so much for such informative video.
I really appreciate and like your comment and feedback
Glad it was helpful!
how can i add this to my current custom register login with jwt ! and what do i save in the db if i dont have pw for the user
better use keycloak.
check the video in my channel.
I will release a new one how to integrate it with spring boot and angular
really appreciate your support sir, please make a vedio for login form with latest version of spring boot + jwt security+angular ui.. thanku
Already uploaded
COUPON Code: *EARLYBIRD20* => Spring Data J PA course: aliboucoding.com/p/the-full-guide-to-master-spring-boot-data-jpa
Amazing sir, i follow your video about spring security. How can i add the capability login social media to Spring security with jwt before?
I will publish it soon
@@BoualiAli thank you sir. I wait your video
thanks a lot ! this was very helpful but I have a couple of question, how can you use a custom login form for OAuth2 and how can you combine OAuth2 and JWT mechanism ? Thanks a lot in advance
Coming soon
Thanks for the video it helped a lot .A question how can one customize the sign in page and thanks
Wait for the Keycloak video and you will never use another tool
Hello @BoualiAli, I've been following your channel for while and i must say, you have one of the best springboot content on UA-cam. Well done. That being said, I have a question and I'd really appreciate your prompt response. How do I implement OAuth (in my case, Google and Facebook) together with traditional user login (username and password authentication)?
Thanks, will do!
Great video Ali. But I don't understand something, we say that resource server is our backend app, the client (the one who wants access to the resource uri) is the browser, and authorization server is GitHub. But what exactly is the role of the application we created in github? Why we had to create this app and what is the relation with this app and our spring boot backend app? Also I didn't quite catch the clientId- secretId role. Thanks
in order to be able to use Github as an ID provider
@BoualiAli where is the follow up video for custom Application authentication using springBoot?
check the book social network playlist
I hit like before I even watched it .......knew it was gonna be great , and it was !!
Best comment ever.
You just made my day. Thanks a lot bro
Thank you very much! Is it possible to make a video for setting up Signle Sign On auth server (SSO) with social login?
Soon
Question : at 29:00 , why you choose desktop app and not web application ?
we app is M2M
Very nice video. But what if you have for example react app on frontend/client that has regular form login with also social login.
This is the next Oauth 2.0 video
How to implement fullstack login
@@BoualiAli looking forward to it!
@@BoualiAli Also looking forward to that!
I must say Awesome and you cleared all my problems you deserve the all likes ,subscriptions and shares and reach the great heights in the future so coming to the point will you explain how to stay update of the technologies and for every 6 months spring team changing the methods and a lot so my question is how are you able to stay update with that if you don't mind will you explain this please brother
I really appreciate the feedback
Could you please show different ways of applying or using of "rememberMe" in spring boot 3 (spring security 6)?
I will make a video for that
Nice video !! can you create a video about web security . a kind of road map or best practises a devloper can follow to make a safe application from different type of attacks
I will create soon a video about software quality and best practices. I will also consider a video about security
I have to add this in my existing project , so when I add the dependency for oauth resource server in my Pom file it shows not found. Can you tell me how can I add ?
Is it possible to build a service to support multiple external authorization services and then the service itself acts as an authorization service so that there is always only one auth server for the multiple oAuth clients?
Nice one... Can you please create video on sign up with apple
It is the same concept
Hi, can you provide any solution to integrate OAuth2.0 with existing JWT?
when i using google provider. why does it show me "[invalid_id_token] An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims: {iat=date}" ?
Thanks for this video. If its for the first time that client is visiting this endpoint and needs to have a user account, can we create a user account with OAuth2 login? And if so, how to do that?
The user should create an account on (Github, facebook, ...) and the use it.
Your application should not really care about that. It is totally up to the client to do that
Thank you so much for this video.
When can we expect a video with both OAuth2 and JWT Token? I'm stuck with this part and I can't seem to find a way to solve it
I will try to record it ASAP
@@BoualiAli Thank you for your time! Can't wait!
@BoualiAli Thank you for this great video. I want to ask that is there a way this can be used to the app itself(Like the JWT) without going to the third-party app like facebook or github? Please tell me how.
If I correctly understood you question, YES it is possible but you need to implement your own Auth server / resource server
Where are you creating the front end page in this one,can you please explain it
That page is automatically generated by spring
zo'r chiqibti👍👍👍👍
Great tutorial, what about open id connect? how to do authentication?
I need to try that first and then I will let you know
You are great teacher.
Thank you! 😃
Excellent video! Thank you!
Glad you liked it!
how to configure our own oauth (other than Google, Github, Facebook)? Did you make a video about that? thanks
I will create one about keycloack soon
excellent as always !
can we use DaoAuthenticationProvider with Oauth 2 ? i mean 2 types of authentication
The Oauth 2 is jwt based auth too. But the users are not stored on your side but on the auth provider side.
I will create soon a video about keycloak and you will understand the oauth2 process much better
Thank you Ali for neat explanation.
Your intellij setup is looking good, may I know which theme and icons pack are you using?
Thanks for the feedback.
This is new UI theme from the latest version of intellij
Thanks for sharing Ali
My pleasure
Hello Ali. Thanks for this video. But I have a question. I want to take google users info for example mail, name, surname etc. after this part. How can I do this?
I'm already working on it.
It will be released really soon
I can't integrate OAuth2 in a Rest api secured with JWT.
Thank you So much , Like before watching
So nice of you
Linking the link in the description lol Thanks Alibou..
Happy you liked it!
wonderful video. Best teacher for spring boot. @Bouali Ali could you please make video for gateway + authentication-service(jwt) + other+services.
means the user will ask other services through gateway.
but gateway will allow or block the request by valider the token from authentication-service
i use RestTemplate inside gateway to request authentication-service, but it does not work.
I will publish a video like that soon
@@BoualiAli t'est le meilleur
Well explained. Thank you Ali
Really happy you liked it
Great content aloulou, thank you so much bro
Ny pleasure bro
Thanks a lot boss. Your courses are really helpfull to me.
Thanks
Really happy to know that
Hello i have register login with jwt now i want to add also social login can i make the user login and generate for him jwt token after successful login? and in the db what do i save if i dont have password since social login doesnt require pw hope you help and thanks.
Currently I'm using spring boot 2 version, Is this tutorial applicable for me?
Yes
When I creating app in google cloud, it asking redirect-uri. It should end with login/oauth2/code/google and for github it should end with login/oauth2/code/github
The redirect URI is where do you want to be redirected after a successfull login
@@BoualiAli yes, also google server send a token to this uri. And for normal recieve this token by spring ouath2 module, it should come exactly to the login/oauth2/code/google uri
Thank you so much.
HttpSecurity.oauth2Login() is deprecated and marked for deletion. How to change the implementation?
I will create new videos to show how to upgrade to Spring boot 3.1 for both WT and OAuth2
@@BoualiAli Thank you so much for all the content you are providing.
replace .oauth2Login() with .oauth2Login(oauth -> {})
if you want to add more logic you can do it inside the lambda expression ! hope this helps !
Hi @khalilbouali3480, thank you so much for your answer! I really appreciate your help and guidance. Your explanation was clear and easy to understand. I'm grateful for your support. Thanks again!
How can i make so that a frontend application can access the authorized backend data? I.e we authorize through backend login but then show this data in our front end?
Just redirect the frontend to the login url
@@BoualiAli so for example I have a end point @3000 for front end and auth page @8000 local host I redirect and login. It gets authorized for me but not the front end point @3000 I'm not sure if I'm explaining it that great and there may be a gap in my knowledge but that's the issue I'm facing
Thank you for explanation
My pleasure
Hey Bouali, you are really doing a great work here.
Thanks a lot
is there any difference between making spring boot project on spring initializr website and doing that inside intellij? In intellij we can also use spring initializr
No difference. Both are calling the same API
i cant use the .Oauth2Login() in the security filter. please is there a new way to use Oauth in spring?
check today's video for a detailed answer
Excellent explanation 🙌🏻 Keep videos like this coming 🙌🏻
Absolutely
Thank you for the feedback
Please do a .video on Spring Security and Azure SSO.
I will try to
Great job 👍👍
Happy you liked it
Subscribed -:) awesome content
Happy to have you here 😁
in oauth 2.0 open id can we use along with jwt token or is it must be a seperate? so if we might be use jwt + oauth2.0 there is must be another configuration? can you refer me? thank you in advance
you can use both together
Hello. Thanks for the video. I clone this project in my intellij and, with my google account, request loop on google oauth authentication and never give the controller answer "Hell OAuth2". It's a problem of ... something but what ? console app config ?.
did you change the credentials?
@@BoualiAli Sorry do not answer before. I must have made a mistake but I don't know what mistake. I started from scratch and it worked.
Thank you so much for this video
You're so welcome!
thank you so muchh
Hi @Bouali Ali, this video is so informative and well explained each and every step, Thank you for making this video. Could you please make a video where linkedin and twitter used as social login platform instead of github and google that can be very useful for us. Please make a video on this topic, request from your subscriber
Really happy you liked it
Already preparing the content
@@BoualiAli sound awesome ❤️
can we use oauth2 with authorization code grant type with native mobile app
if yes should it make sense that mobile app redirect us to the authorization server login page?
Yes you can.
Yes it makes sense (already exists on many mobile apps)
great content
Can you add logout feature (say from react by using fetch)
soon
Good content
Really happy you liked it
Great Content 📈
Thanks bro
Thanks a lot, you are really inspiring and motivating me with your sharing and guidance.
Thanks a lot bro.
You’re my motivation
Do you know how to secure resource server with these two auth providers? Concretely, how to enable client to choose which one provider he wants to use to login and get data from resource server?
Can you give more insights , i didn’t 💯% understand your question
@@BoualiAli I have 3 separated projects: client , authorization server and resource server. To explain a bit better that architecture in real use-case, resource server is like backend app, client is some front app, and authorization server is to authenticate and authorize end user. To enable client to get data from resource server user has to login via auth server. Have you ever tried to implement authorization with multiple auth providers (like Github or Google or custom authorization server in my case)?
@@pad5724 i will make a video on how to implement front end and backend using oauth 2.0
In the frontend you will be able to choose which provider to use to login…
@@BoualiAli ok, thank you
Perfect video
Thank you!
Hi @BoualiAli, I need some guidance on implementing the below scenario -
Assume there are 4 controllers in the application currently and there will be new controllers added in future. Each service may have multiple operations - read, edit, create, delete. I want read to be provided to specific role.
Also, assume there are 3 roles now - Admin, manager and user. There will be additional roles that will be created in future.
I want to define Role, Service and operation in DB table. Based on this combination the authorization should be provided to users.
User will have a Role
Role will have Service.operation
Can you please suggest me the best approach to implement this requirement.
Check the Roles & Permissions video and you will get your answer
this code will not work with spring 2.7.1????
It should work. But take into account some changes maybe
I never tried using 2.7
when i try to call the api from postman with access token it returns me the google login page (I have used google to login, when i used in browser it works fine ), can you help me with this issue
When using postman, in the auth tab, select oauth2 and then you need to configure the connection and then it will generate the token and you will be able to use to query the backend
@@BoualiAli I try doing with your suggestion, but I can't use the gererate token to cal my API. It's always return github login page. Please help me explain about that. Thanks
@@QuocNguyen-cf2dw you need to generate a token first
Naxt: Please make a video on If someone register in our app using social account then how that user details will be stored in our database.
Coming soon
Proud of you brother ;)
Thank you so much brother. Happy to know that you still check on me
please create a video on OAuth 2.0 using Azure active directory using Graph API
Will try to