Getting Started with Spring Authorization Server

Поділитися
Вставка
  • Опубліковано 18 гру 2024

КОМЕНТАРІ • 17

  • @michaeldeng1981
    @michaeldeng1981 3 роки тому +2

    Finally, Authorization Server. Thank you

  • @phamduyphuong7907
    @phamduyphuong7907 3 роки тому +9

    Thank you for your presentation. Can you show a details version about UserDetailsService implemetation with database authentication instead of in memory. Thanks

  • @arminghavidel7684
    @arminghavidel7684 3 роки тому +4

    Thank you for your presentation. Where can I find the hones-client and evil-client examples?

  • @zeratultarsonis9630
    @zeratultarsonis9630 3 роки тому +1

    nice, waiting for the full OIDC implementation. :)

  • @sahariaralamkhandoker3178
    @sahariaralamkhandoker3178 3 роки тому +5

    Could you please share the codes?

  • @lucaleonardoscorcia2716
    @lucaleonardoscorcia2716 3 роки тому +2

    Nice video showcase! I was wondering two things: 1) how should one customize the credentials or consent screen? 2) what if I want to delegate user authentication to another method beyond user/password (say, X509 cert or SAML or even another OIDC identity provider like Google Auth, behaving somewhat like an authentication proxy)?

  • @kmukthi1
    @kmukthi1 3 роки тому +2

    Could you please post the links to the code samples used in the video ? Thanks

    • @mwzenas
      @mwzenas 2 роки тому

      Yes, this will be very good for us

  • @Jawwad124
    @Jawwad124 2 роки тому +3

    There is almost no information on how to get started, should have a separate sessions on attacks and all.

  • @JavaAnatomy
    @JavaAnatomy Рік тому

    Hello sir.
    I have this scenario.
    ServiceA that provides an angular app with data and ServiceA needs to be protected. That is fine, I made it a resource server, and had a separate auth server to handle authentication. But now, ServiceA additionally call another protected ServiceB and ServiceC. ServiceB & ServiceC both have their own separate authentication as they are different external companies. ServiceB & ServiceC are both a resource and an auth server which I heard there is nothing wrong with that setup. Now, given that ServiceA as a resource server needs to be a client and call another protected service itself, is there support for a service to be both resource and client at the same time? How do I handle this scenario
    I notice that once I add a dependency for oauth2-client, in the resource-server with appropriate configs, I always get a message acess denied ,Login with OAuth 2.0, when i try to access any endpoint of the resource server.
    Even after I authorised and got an access token.

  • @Bifonic
    @Bifonic 2 роки тому

    Won't there any problem to have an authorization-server and a resource-server in the same application?

  • @pradeepns9052
    @pradeepns9052 2 роки тому

    Hi..
    Looking for suggestions on implementing security on spring-boot microservices integrated with angular UI. I have an external identity provider(Ping Federate) to support SSO and all user roles/authorities are maintained in the application database.
    What is the best approach to secure APIs? If Oauth is recommended way, how to implement it(Stateless).
    Should the Authorization Server be customized to connect to the
    identity provider Authorization Server and generate tokens from the custom Authorization Server?
    or
    Oauth2 client should generate tokens by loading user details from the database after successful authentication with the identity provider?

  • @vukkumsp
    @vukkumsp 3 роки тому

    Why endpoints like /authorize ... are kept in Client part of project. /authorize endpoint should be part of Authorization Server right ? Am I missing something here ?

    • @gustavodesouzalemos8426
      @gustavodesouzalemos8426 2 роки тому +1

      Oh, that "/authorize" has nothing to do with authorization's server endpoint whose by default is "/oauth2/authorize". The first endpoint could be anything else and they showed that you can customize the latter one by the exposed ProviderSettings bean

  • @erickloningo2252
    @erickloningo2252 3 роки тому

    Awesome presentation, leant alot.

  • @tosandeepyandra
    @tosandeepyandra 3 роки тому

    Please do share the code examples

  • @raydeng83
    @raydeng83 3 роки тому

    This is awesome!