Thank you for your presentation. Can you show a details version about UserDetailsService implemetation with database authentication instead of in memory. Thanks
Nice video showcase! I was wondering two things: 1) how should one customize the credentials or consent screen? 2) what if I want to delegate user authentication to another method beyond user/password (say, X509 cert or SAML or even another OIDC identity provider like Google Auth, behaving somewhat like an authentication proxy)?
Hello sir. I have this scenario. ServiceA that provides an angular app with data and ServiceA needs to be protected. That is fine, I made it a resource server, and had a separate auth server to handle authentication. But now, ServiceA additionally call another protected ServiceB and ServiceC. ServiceB & ServiceC both have their own separate authentication as they are different external companies. ServiceB & ServiceC are both a resource and an auth server which I heard there is nothing wrong with that setup. Now, given that ServiceA as a resource server needs to be a client and call another protected service itself, is there support for a service to be both resource and client at the same time? How do I handle this scenario I notice that once I add a dependency for oauth2-client, in the resource-server with appropriate configs, I always get a message acess denied ,Login with OAuth 2.0, when i try to access any endpoint of the resource server. Even after I authorised and got an access token.
Hi.. Looking for suggestions on implementing security on spring-boot microservices integrated with angular UI. I have an external identity provider(Ping Federate) to support SSO and all user roles/authorities are maintained in the application database. What is the best approach to secure APIs? If Oauth is recommended way, how to implement it(Stateless). Should the Authorization Server be customized to connect to the identity provider Authorization Server and generate tokens from the custom Authorization Server? or Oauth2 client should generate tokens by loading user details from the database after successful authentication with the identity provider?
Why endpoints like /authorize ... are kept in Client part of project. /authorize endpoint should be part of Authorization Server right ? Am I missing something here ?
Oh, that "/authorize" has nothing to do with authorization's server endpoint whose by default is "/oauth2/authorize". The first endpoint could be anything else and they showed that you can customize the latter one by the exposed ProviderSettings bean
Thank you for your presentation. Can you show a details version about UserDetailsService implemetation with database authentication instead of in memory. Thanks
Finally, Authorization Server. Thank you
Thank you for your presentation. Where can I find the hones-client and evil-client examples?
nice, waiting for the full OIDC implementation. :)
Could you please share the codes?
Nice video showcase! I was wondering two things: 1) how should one customize the credentials or consent screen? 2) what if I want to delegate user authentication to another method beyond user/password (say, X509 cert or SAML or even another OIDC identity provider like Google Auth, behaving somewhat like an authentication proxy)?
Could you please post the links to the code samples used in the video ? Thanks
Yes, this will be very good for us
Hello sir.
I have this scenario.
ServiceA that provides an angular app with data and ServiceA needs to be protected. That is fine, I made it a resource server, and had a separate auth server to handle authentication. But now, ServiceA additionally call another protected ServiceB and ServiceC. ServiceB & ServiceC both have their own separate authentication as they are different external companies. ServiceB & ServiceC are both a resource and an auth server which I heard there is nothing wrong with that setup. Now, given that ServiceA as a resource server needs to be a client and call another protected service itself, is there support for a service to be both resource and client at the same time? How do I handle this scenario
I notice that once I add a dependency for oauth2-client, in the resource-server with appropriate configs, I always get a message acess denied ,Login with OAuth 2.0, when i try to access any endpoint of the resource server.
Even after I authorised and got an access token.
Awesome presentation, leant alot.
Hi..
Looking for suggestions on implementing security on spring-boot microservices integrated with angular UI. I have an external identity provider(Ping Federate) to support SSO and all user roles/authorities are maintained in the application database.
What is the best approach to secure APIs? If Oauth is recommended way, how to implement it(Stateless).
Should the Authorization Server be customized to connect to the
identity provider Authorization Server and generate tokens from the custom Authorization Server?
or
Oauth2 client should generate tokens by loading user details from the database after successful authentication with the identity provider?
There is almost no information on how to get started, should have a separate sessions on attacks and all.
Won't there any problem to have an authorization-server and a resource-server in the same application?
Why endpoints like /authorize ... are kept in Client part of project. /authorize endpoint should be part of Authorization Server right ? Am I missing something here ?
Oh, that "/authorize" has nothing to do with authorization's server endpoint whose by default is "/oauth2/authorize". The first endpoint could be anything else and they showed that you can customize the latter one by the exposed ProviderSettings bean
This is awesome!
Please do share the code examples