Thanks for the video! I noticed that it's implemented quite differently from ua-cam.com/video/B5tcZoNyqGI/v-deo.html, where you said that the most secure way to implement it was through authenticating through the backend. In this video the API acted as a "resource server". I'm creating an application with a React frontend that will make API calls to a Spring Boot backend. Will I need to follow the same strategy in this video instead of the other video because the React frontend will need to send access tokens to our Spring Boot resource server?
If your frontend and your backend are on the same domain, I'd recommend using the technique described in the Spring Boot + React video you linked to above. This is also called the Backends for Frontends Pattern (BFF). If you must deploy your frontend on a different domain (or you're packaging it as a mobile app), then authenticating on the frontend and passing an access token to the backend is recommended.
Matt love your videos! Deep appreciation
Thanks for the video! I noticed that it's implemented quite differently from ua-cam.com/video/B5tcZoNyqGI/v-deo.html, where you said that the most secure way to implement it was through authenticating through the backend. In this video the API acted as a "resource server". I'm creating an application with a React frontend that will make API calls to a Spring Boot backend. Will I need to follow the same strategy in this video instead of the other video because the React frontend will need to send access tokens to our Spring Boot resource server?
If your frontend and your backend are on the same domain, I'd recommend using the technique described in the Spring Boot + React video you linked to above. This is also called the Backends for Frontends Pattern (BFF). If you must deploy your frontend on a different domain (or you're packaging it as a mobile app), then authenticating on the frontend and passing an access token to the backend is recommended.