Thanks for the prompt reply my comments.One thing please I am not find in Okta Application tab to create the oid connect link there are lots of tab available please can you help we here will be go to create the this details your reply will be very helpful to everyone.
@@securityinaction1018 Now current day the Okta Web page has been changed and we are not find where it is OIDC is create, please help ,your prompt response will be very apricated.
I am not really sure because when I login to my Okta developer account, I see that option. Okta docs help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm also matches with my screens
Your content is excellent! Appreciate your work very much. I had a question - Let's say if I have 100 microservices under an app portfolio, would I need to just register at a portfolio level and get one registration id, one client id and secret pair, and then use the same in all the 100 microservices property file to generate access token? What would be your best practice to do this with regards to api to api calls between those 100 services?
This video talks about web integration using OIDC protocol. If I am not wrong, the use case that you described refers to a client app calling 100 microservices. Is it one client app calling 100 services?
@@securityinaction1018 Sorry I have been watchin many of your videos and was generic here with regards to the question. I am not talking about web integration with OIDC. I was asking about API to API inter service calls using an access token based authorization such as okta. Do I need separate client id, client secret for all? Or if all the 100 services are under an app portfolio, is it fine to create one pair and reuse?
Firstly, you need to identify whether all these are internal or external facing APIs. You can have different strategies depending on that. Assuming all are external facing APIs, it is always recommended to have separate client ID / secret for each client. The main reason for that is let's say one of the client ID / secret got leaked to a hacker and you are planning to reset the client secret, all the client apps have to be modified which will cause a downtime. However, please note that there might be some limit on number of applications that you can create in Okta. Please check with Okta support.
Thank you for the video. Can you answer these questions ? These questions might silly but I am new to security 1. What if multiple users registers through UI do we need to add them manually in people in Okta Application ? if yes how to do it automatically. In real time that is not things are working right in typical web application ? 2. we have given Id, Secret ID for one user and how it is working for multiple users ? do we need them all ofcourse no right ?
Welcome!! 1. In a real time application, you can enable self-registration as mentioned here help.okta.com/en-us/content/topics/users-groups-profiles/usgp-self-service.htm and users can register themselves. If you don't want random users to register, then you can build an Admin UI where someone can login and create users. This Admin UI app can use Okta APIs to create users. 2. Client ID / secret is not per user. It is configured in the Spring Boot application. Please like, subscribe & share!! Thanks in advance.
Is there any reason for not using spring security? I think some details are available in this documentation docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html
Do you want to generate a token using client_credentials grant or authorization code grant? Please like, subscribe & share this video / channel !! Thanks in advance.
hello Getting output in this manner Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=*******, SessionId=************], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
I am not sure what is really happening since it is difficult to find out without debugging. May be the user credentials that you are using is not assigned to that particular Okta application. But, I am not 100% sure.
Please subscribe to this channel for regular updates ua-cam.com/channels/EEayyyCrJO94FYlzF0NLTg.html
Thank You for the support.
I started seeing okta today itself and got this video, saved my day. Thanks. You got another subscriber 🎉
Great!! Glad that it worked and Thanks for subscribing.
Very help and well explained.
Thank You!!
Please subscribe, like & share to support this channel. Thanks in advance.
Great video, thanks
Glad you liked it!
Please like, subscribe & share!! Thanks in advance.
Very informative your videos, please provide the every video developed program github link so it will be very helpful to every developer.
Sure, I will consider making the code available on GitHub.
Please like, subscribe & share this video / channel !! Thanks in advance.
Thanks for the prompt reply my comments.One thing please I am not find in Okta Application tab to create the oid connect link there are lots of tab available please can you help we here will be go to create the this details your reply will be very helpful to everyone.
While Creating the app itself, you can select "OIDC - OpenID Connect" in "Create a new app integration" screen
@@securityinaction1018 Now current day the Okta Web page has been changed and we are not find where it is OIDC is create, please help ,your prompt response will be very apricated.
I am not really sure because when I login to my Okta developer account, I see that option. Okta docs help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm also matches with my screens
hello sir , should you make a video that how i will store user in okta using springboot dynamically ?
Sure, I will consider that.
You got another subscriber, i love bro hahaha you saved me literally! how can i invite you a coffee?
Welcome aboard! Thank you :)
Would you still choose web app if your using react on the frontend ?
I think it is still required assuming react frontend will call SpringBoot REST APIs in the backend
5:38 is where the fun starts
Your content is excellent! Appreciate your work very much. I had a question - Let's say if I have 100 microservices under an app portfolio, would I need to just register at a portfolio level and get one registration id, one client id and secret pair, and then use the same in all the 100 microservices property file to generate access token? What would be your best practice to do this with regards to api to api calls between those 100 services?
This video talks about web integration using OIDC protocol. If I am not wrong, the use case that you described refers to a client app calling 100 microservices. Is it one client app calling 100 services?
@@securityinaction1018 Sorry I have been watchin many of your videos and was generic here with regards to the question. I am not talking about web integration with OIDC. I was asking about API to API inter service calls using an access token based authorization such as okta. Do I need separate client id, client secret for all? Or if all the 100 services are under an app portfolio, is it fine to create one pair and reuse?
Firstly, you need to identify whether all these are internal or external facing APIs. You can have different strategies depending on that. Assuming all are external facing APIs, it is always recommended to have separate client ID / secret for each client. The main reason for that is let's say one of the client ID / secret got leaked to a hacker and you are planning to reset the client secret, all the client apps have to be modified which will cause a downtime. However, please note that there might be some limit on number of applications that you can create in Okta. Please check with Okta support.
@@securityinaction1018 Thanks!
Thank you for the video.
Can you answer these questions ? These questions might silly but I am new to security
1. What if multiple users registers through UI do we need to add them manually in people in Okta Application ? if yes how to do it automatically. In real time that is not things are working right in typical web application ?
2. we have given Id, Secret ID for one user and how it is working for multiple users ? do we need them all ofcourse no right ?
Welcome!!
1. In a real time application, you can enable self-registration as mentioned here help.okta.com/en-us/content/topics/users-groups-profiles/usgp-self-service.htm and users can register themselves. If you don't want random users to register, then you can build an Admin UI where someone can login and create users. This Admin UI app can use Okta APIs to create users.
2. Client ID / secret is not per user. It is configured in the Spring Boot application.
Please like, subscribe & share!! Thanks in advance.
Can you create a video to explain how can I implement step 7,8 and 9 within my application if I don't want to use spring security to do it.
Is there any reason for not using spring security?
I think some details are available in this documentation docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html
Very well explained. But your voice is very low in this video.
Thank You!! I will try my best to fix the audio.
Please subscribe, like & share to support this channel. Thanks in advance.
How can I generate token from Postman using okta OAuth 2.0?
Do you want to generate a token using client_credentials grant or authorization code grant?
Please like, subscribe & share this video / channel !! Thanks in advance.
@@securityinaction1018 I want to try both client_credentials and authorisation code.
hello Getting output in this manner
Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=*******, SessionId=************], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
I am not sure what is really happening since it is difficult to find out without debugging. May be the user credentials that you are using is not assigned to that particular Okta application. But, I am not 100% sure.