Grab the code here axgr.dev/posts/spring-security-jwt/?
Like somebody would say: "Works like a charm" - Thank you a lot, Alex!
Thanks Felipe, happy to hear that!
Your /login implementation is great♥👍. What's your opinion about handling /login in a different way? It goes to the Manager (to validate username & password) and then goes to the Provider (to form the JWT). So there is no need to define /login in the controller. That is how I am doing it right now, but I am not sure whether it is a good or bad implementation, because AFAIK in non-WebFlux security no /login controller is needed. So I think it should have the same flow as non-WebFlux.
Hey there, good question! If I were to do it again, I probably would do as you suggested: route all authentication matters to the AuthenticationManager and have a specific AuthenticationProvider since this is the correct way of doing it. In this video you can also see this flow ua-cam.com/video/I72lTb2O8ls/v-deo.html
Thanks Alex, really educative and well presented content, helped me a lot
Thanks Jiří, appreciate the feedback!
Thank you for the amazing job. I also want to see you coding Spring WebFlux security using GraphQL and explaining how to react when the JWT token expires. Thank you.
Thanks İsmail, noted! I have tutorials on GraphQL coming up and will also certainly record a follow-up to JWT authentication!
Hi Alex.
Thank you so much for such a clear example.
I have some trouble with your code example. When an exception happens while a token is analyzed, I receive a 401 HTTP error with the header "WWW-Authorization=Basic realm ...". How can I cause it to send me the www-authorization=bearer?
Thank you for watching and sharing your feedback, Boris!
@Alex - This is useful to get started. It would be helpful if you had covered OAuth2 - Authorization Server, OAuth2 - Resource Server and OAuth2 protected REST resources separately. If this is too much to ask, then ignore :)
Thanks mate, I'll definitely cover it in a dedicated video!
Are you using record or something new from Java 17? Because the syntax was throwing me off.
Yeah, I am not using Java at all - this tutorial makes use of Kotlin for the programming language.
Hello, when I add firebase auth, the library does not appear. When I add storage, the library appears. Am auth does not appear. Help
Thanks for your comment! Please note that Firebase is a different matter to what I have done in this video, since Firebase is providing and validating the tokens. It goes beyond this tutorial, but I will record a dedicated video showing how to make use of Firebase in Spring Boot.
How can we throw a custom exception when we get token-expired or invalid-signature?
Hey Muhammad, you can define your own exception like I have done here github.com/alexgutjahr/yt/blob/4308e482193e6f26573937a5474224b5459e440f/spring-jwt-auth/src/main/kotlin/com/alexgutjahr/Authentication.kt#L54
Hello Alex, can you please do it for Java?
Hey man, sorry, but I stopped writing Java code a long time ago and will only focus on Kotlin whenever I do Spring tutorials.
Thanks a lot
Thank you Alex
My pleasure!
Super
Thanks!
Hi Alex
I tested: the parser of jjwt can automatically throw "io.jsonwebtoken.ExpiredJwtException" when the token is expired, so it's unnecessary for the user to check it.
Awesome, didn't know that - thanks for sharing!
This won't work if I am using oauth2.resourceserverspec.jwt
Thanks for the comment and yes, there may be issues when you use this or other packages since I did not use them in my example, so the code most likely must be changed for those packages.
I think it's the ReactiveAuthenticationManager thing. I tried forcing them to authenticate with onErrorResume, then continuing the JWT authentication; I don't feel it's right. Have you tried to combine it, using custom JWT along with ResourceServerSpec? It would be a great tutorial video since I haven't found one yet.
@massiveblackwood thanks for the feedback! No, I have not yet tried to combine the approaches, but added it to my backlog as a follow-up video.