How to get rid of the page at 22:09? It's ugly and completely unnecessary.
@securityinaction1018 2 days ago
You can customize the login page as per Spring docs. I have not tried that.
@NavaneethaKrishnan007 5 days ago
Have you posted any videos on the basics? Like, what is SAML, what is OAuth, claims, assertions and all the basic concepts?
@securityinaction1018 3 days ago
You can check out some videos on OAuth basics. But, I don't have a detailed video on OAuth, OIDC or SAML basics. I wanted to post a series of videos. I will try to work on that in future. Please like, subscribe & share this video to support this channel !! Thanks in advance.
@ViswanathTumbalamGooty 5 days ago
Good video. One quick question: in step 4 you said that the token will get validated. How and where does the token get validated?
@securityinaction1018 3 days ago
All these validations are taken care of by Spring Boot security classes. You can customize this, which is generally not required. Refer to this documentation for more details: docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html#oauth2login-advanced-idtoken-verify Please like, subscribe & share this video to support this channel !! Thanks in advance.
@smartys18 10 days ago
Thanks for the tutorial man. A big thanks
@securityinaction1018 10 days ago
Welcome! Please like, subscribe & share this video to support this channel !! Thanks in advance.
@AdityaPatil-zy4et 11 days ago
Sir, good video. Just one request: could you increase the video audio?
@securityinaction1018 11 days ago
Thanks for the feedback. I will try my best to keep improving the quality of audio & video. Please like, share & subscribe to support this channel.
@harshats1 11 days ago
How to change the "exp" JWT claim in Azure Entra ID?
@securityinaction1018 11 days ago
You can try changing the token lifetime as mentioned here learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes and that should change the exp claim accordingly. I have not tried that. But, I think it should work. Please like, subscribe & share!! Thanks in advance.
@harshdasila6680 13 days ago
Can you tell how we can skip the step for the Cognito hosted UI and directly redirect the user to the Okta sign-in page?
@securityinaction1018 13 days ago
You can pass the identity_provider parameter to the /authorize endpoint as mentioned here docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html. If this value is passed, Cognito will not display the hosted UI login page. Instead, it will redirect to that IdP. Please like, subscribe & share!! Thanks in advance.
@harshdasila6680 13 days ago
@@securityinaction1018 Thanks it worked
@Samir1001 19 days ago
Comprehensive and easy to understand. Thank you for making this. As an extension of this, if you could add later on "how we can incorporate multiple OIDC providers (Yahoo, Apple etc.) under the same Spring Boot application" that would be great!! 🤟
@securityinaction1018 18 days ago
Glad it helped. Sure, I will post a video in future on how to integrate multiple OIDC providers.
@ritwikupadhyay888 19 days ago
Can you create a video to explain how I can implement steps 7, 8 and 9 within my application if I don't want to use Spring Security to do it?
@securityinaction1018 19 days ago
Is there any reason for not using Spring Security? I think some details are available in this documentation docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html
@rohatgianu 22 days ago
Is this for both authentication and authorization, or just authorization?
@securityinaction1018 21 days ago
It's Authorization for APIs.
@rohatgianu 21 days ago
@@securityinaction1018 As I have to implement both authentication and authorization in my one API, what do I follow? Shall I implement this for authorization and kzbin.info/www/bejne/pWOsfmylfpt4p80 for authentication?
@securityinaction1018 19 days ago
Yes, that's right. You can integrate your web app using OIDC and secure APIs using access tokens. Please like, subscribe & share!! Thanks in advance.
@Jux925 28 days ago
Wish you covered logout flow as well
@securityinaction1018 28 days ago
Sure, will do that in future videos.
@kashifejaz989 1 month ago
Thanks for the video. Can I use a Hotmail or other Azure tenant account for authentication?
@securityinaction1018 1 month ago
I have not tried that. I think if you enable the option to allow other organization users, it might work.
@SubhashishBanerjee-kp8cw 1 month ago
Can we integrate Auth0 with AWS API Gateway REST API instead of HTTP API?
@securityinaction1018 1 month ago
Yes, you can do that. You have to configure a custom Lambda authorizer for Auth0. Check out this blog on how to configure a Lambda authorizer: aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/ Please like, subscribe & share!! Thanks in advance.
@ArgKilljoy 1 month ago
Would this be the right approach if I then wanted to map roles from my Azure AD app? (Azure Entra ID)
@securityinaction1018 1 month ago
Yes, you can use this approach to map the roles.
@ianhokage 1 month ago
Is it possible to request only the ID token and additional claims? Will it still require a client secret if I only need the ID token?
@securityinaction1018 1 month ago
Refer to this: learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-implicit-grant-flow Implicit flow allows that, but it is strictly not recommended. In the authorization code grant flow, both ID and access tokens will be returned. As per this doc learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow, the client secret is not mandatory for public apps.
@ianhokage 1 month ago
@@securityinaction1018 If I don't need the application to access protected resources in my AAD tenant, do I still need to complete the authorization code flow with access token and client secret? I just need the application to leverage OpenID to authenticate the users. Do you think implicit flow using the ID token is enough for my requirement? I want to take a hint from OIDC Playground; they have the OpenID-only mode in their options. Unfortunately, the OpenID-only mode is still not available :( I'm not really good at coding so I don't fully understand how to build an authorization code grant flow. I just need to protect my AAD environment and keep the setup as simple as possible. Not requiring a client secret would help so I don't need to renew these secrets every now and then.
@securityinaction1018 1 month ago
Implicit flow is not recommended since it is not secure. I am not sure which framework you are using for your app. If it is Java, you can refer to this video kzbin.info/www/bejne/i5_ag2COareepdE on how to integrate a Java Spring Boot app with Azure AD using OIDC.
@ianhokage 1 month ago
@@securityinaction1018 Thank you. Your videos are great by the way!
@securityinaction1018 1 month ago
Thank you. Please like, subscribe & share!! Thanks in advance.
@afonsocasqueiro2135 1 month ago
Hello, thanks for this, it's quite helpful. I have a question: what should we do when we have several endpoints that require at least a user ID / email to be able to fetch some info from the database? How should we make it work with Auth0 to make sure the requested user is logged in + matches the one logged in? Thanks
@securityinaction1018 1 month ago
The user ID or email is available in the ID token. I think you can customize the Auth0 access token to include these claims as well. The other question on "requested user is logged in + matches the one logged in" is not clear. Can you elaborate on the scenario? Without authenticating in Auth0, the application cannot get the tokens like the ID token or access token.
@saikrishnavs7886 1 month ago
What if we are not using the hosted UI of Cognito? Do all the configs stay the same as you showed, or do we need some changes?
@securityinaction1018 1 month ago
Facebook login won't work without Hosted UI. You can check this blog aws.amazon.com/blogs/security/use-the-hosted-ui-or-create-a-custom-ui-in-amazon-cognito/. Please like, subscribe & share!! Thanks in advance.
@schmackodan 1 month ago
Thank you so much. What a great tutorial!
@securityinaction1018 1 month ago
Thank you!! Please like, subscribe & share!! Thanks in advance.
@varshithkumar7782 1 month ago
Thank you so much. This is very well explained
@securityinaction1018 1 month ago
Glad it was helpful! Please like, subscribe & share!! Thanks in advance.
@rajkumarwinc9372 1 month ago
Could you please provide the Git link for this OAuth2 authentication implementation?
@securityinaction1018 1 month ago
I will check and upload the code in Git if it is still available. Meanwhile, if you face any issues in setting up the workspace and code from scratch, please post your questions here. Please like, subscribe & share!! Thanks in advance.
@rajkumarwinc9372 1 month ago
I have a query. In Azure AD we are able to get the access_token from the OAuth2AuthorizedClient object in my Spring Boot application. If the user is using my application continuously, in that case we have to increase the access token time limit accordingly, right? So how to implement this? Could you please provide info 🙂
@rajkumarwinc9372 1 month ago
I know we can get a new token using the refresh_token, but I want to get a new token without a refresh token.
@securityinaction1018 1 month ago
Is there any reason why you don't want to refresh the tokens? The best practice is to refresh the token periodically. I don't know if Azure AD has an option to increase the timeout for the access token. I know Cognito has that option.
@rajkumarwinc9372 1 month ago
Sorry, actually in the msal4j library the acquire-token-silently method is there, that's why I asked you, but just now I realised that we can refresh the access token using the refresh token. Could you please provide a reference on how to implement this in Spring Cloud Gateway?
@anhtuannguyen4664 2 months ago
AADSTS50020: User account '' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. I have this error. How to let many Microsoft users log in to Amplify without adding them to the tenant?
@securityinaction1018 2 months ago
I am not sure if there is an option to do that. You can check this official documentation learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-AADSTS50020-user-account-identity-provider-does-not-exist on what needs to be done based on your use case.
@rakeshmallya5575 2 months ago
If anyone is getting "The DPoP proof JWT header is missing" error in Postman, go to the application you created in Okta -> general settings and deselect the "Proof of possession" option.
@securityinaction1018 2 months ago
Thanks for sharing this info!!
@samSuraweera 2 months ago
Hi, thanks for the video. The new Cognito documentation has the ACS as -> Your user pool domain/saml2/idpresponse. So I used the updated one with my domain name. But I get an error like "Hmm. We're having trouble finding that site." I double-checked links, URLs and everything. What would be the issue here?
@securityinaction1018 2 months ago
What happens if you directly hit that URL in browser? What is the domain that you have configured?
@user-wu5xq8nv2g 2 months ago
Thank you for the video. Can you answer these questions? These questions might be silly but I am new to security. 1. What if multiple users register through the UI? Do we need to add them manually in People in the Okta application? If yes, how to do it automatically? In real time that is not how things are working in a typical web application, right? 2. We have given the ID and secret ID for one user, so how is it working for multiple users? Do we need them for all? Of course not, right?
@securityinaction1018 2 months ago
Welcome!! 1. In a real time application, you can enable self-registration as mentioned here help.okta.com/en-us/content/topics/users-groups-profiles/usgp-self-service.htm and users can register themselves. If you don't want random users to register, then you can build an Admin UI where someone can login and create users. This Admin UI app can use Okta APIs to create users. 2. Client ID / secret is not per user. It is configured in the Spring Boot application. Please like, subscribe & share!! Thanks in advance.
@mrwho2513 2 months ago
Hi there, what about the logout? Does Cognito provide logout from the SAML provider, in this case Azure AD? Or maybe Okta? I use AWS Amplify, and after the logout the users still remain logged in at the IdP.
@securityinaction1018 2 months ago
As per this doc learn.microsoft.com/en-us/entra/identity-platform/single-sign-out-saml-protocol, Azure AD SAML logout supports only redirect binding (HTTP GET), and not HTTP POST binding. Cognito uses POST binding for SAML logout and that is the reason why the IdP session is not logged out. I have not tested Okta. If Okta supports HTTP POST binding for SAML logout, it should work. Please like, subscribe & share!! Thanks in advance.
@mrwho2513 2 months ago
@@securityinaction1018 I have tested with BOTH. Indeed, Cognito does not work with GET. Okta sends POST, but then the Okta session is still persisted, whereas the Azure AD session is terminated, even though Cognito returns with an error after the GET request. What a pity.
@securityinaction1018 2 months ago
That's not good. Is Okta sending a successful response for SAML logout request from Cognito?
@danieladek5274 2 months ago
Thank you so much for this video, this is the best Auth0 video I've seen so far. And thanks for showing a detailed and practical example. Question: assuming I want to send a jwt token to a react application after the user has authenticated just as in your video, how do I do this?
@securityinaction1018 2 months ago
Glad it was helpful! Do you want to replace Java SpringBoot app with a React app? If so, I am sure React has some libraries for OIDC authentication similar to Java SpringBoot security libraries. I remember seeing something called NextAuth.js which supports OIDC for React apps. Please like, subscribe & share!! Thanks in advance.
@mrwho2513 2 months ago
I get ?error_description=attributes+required%3A+%5Bfamily_name%2C+email%5D&state=KYTO9Q3NgMaYfcDhpIJelhko4AHUAzRn&error=invalid_request
@securityinaction1018 2 months ago
This error means family_name and email are not set for this user profile. This can be due to Azure AD not being properly configured to send these claims back to Cognito. You need to verify the Azure AD settings. Please like, subscribe & share!! Thanks in advance.
@mrwho2513 2 months ago
@@securityinaction1018 Indeed, the account I was trying to log in with did not have an email address, nor a first and last name. But how come? When I create a new user in Azure AD, I would expect it to automatically generate these for me, but it doesn't. I need to manually fill in those fields, as you did. What if the admin does not want to add those fields? Maybe AD provides some custom attribute mapping which evaluates to those fields?
@securityinaction1018 2 months ago
It is entirely up to the Admin to decide whether to collect those details from the user. I don't know how Azure AD handles required fields. I guess there should be some way to make these fields mandatory or optional. In Cognito, you can set these fields as mandatory or optional.
@ciaranmcgauran8367 2 months ago
Thank you for this really clear walk through. Much appreciated.
@securityinaction1018 2 months ago
Glad it was helpful! Please like, subscribe & share!! Thanks in advance.
@slsaha 2 months ago
Is it possible to authenticate from multiple client Cognito pools rather than one?
@securityinaction1018 2 months ago
You can configure multiple OIDC identity providers in one Cognito user pool pointing to different user pools and different clients. I am not sure if this is the scenario you are referring to. Please like, subscribe & share!! Thanks in advance.
@user-ex8vj4qe7n 2 months ago
What an awesome video! Thank you. Would you mind creating a video to share with us how to use AWS Cognito login with a desktop application (e.g. Electron JS or any other framework)?
@securityinaction1018 2 months ago
Thank you!! I need to check that. As long as the desktop app can open some inline browser, I think the same flow should work. Please like, subscribe & share!! Thanks in advance.
@skemuel 2 months ago
How can I prevent duplicate account creation during sign-in and signup? An issue I identified arises when a user registers with their email and later signs in using social identity providers like Azure AD or Facebook.
@securityinaction1018 2 months ago
When you say duplicate accounts, I assume you are referring to two accounts with the same email address but different user names. Am I correct? In this case, you need to write a custom Lambda function to link the federated user from Azure AD or Facebook with the local user profile which has the same email address. You can check this documentation docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html Please like, subscribe & share!! Thanks in advance.
@skemuel 2 months ago
@@securityinaction1018 I got this error: "InvalidParameterException: Invalid SourceUser: Cognito users with a username/password may not be passed in as a SourceUser, only as a DestinationUser". Here is my sample code:

const AWS = require("aws-sdk");
const cognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider();

// Pre sign-up trigger: link a first-time federated user to the existing
// native (username/password) user that has the same email address.
exports.handler = async (event, context) => {
  console.log("Event: ", JSON.stringify(event));
  console.log("Context: ", context);
  try {
    const user = event.request.userAttributes;
    const email = user.email; // using the user email as the identifier

    // query the user pool for native users with this email
    const params = {
      UserPoolId: process.env.USER_POOL_ID,
      Filter: `email = "${email}"`,
    };
    const cognitoUserListByEmail = await cognitoIdentityServiceProvider.listUsers(params).promise();
    console.log("Cognito user list by email: ", cognitoUserListByEmail);

    const userStatus = user["cognito:user_status"];
    if (cognitoUserListByEmail.Users.length === 1 && userStatus === "EXTERNAL_PROVIDER") {
      // "identities" is delivered as a JSON string in the trigger event; parse before indexing
      const identities = typeof user.identities === "string" ? JSON.parse(user.identities) : user.identities;
      const sourceProviderDetails = identities[0];
      const linkParams = {
        UserPoolId: process.env.USER_POOL_ID,
        DestinationUser: {
          ProviderName: "Cognito",
          ProviderAttributeValue: cognitoUserListByEmail.Users[0].Username, // the existing native user
        },
        SourceUser: {
          ProviderName: sourceProviderDetails.providerName,
          ProviderAttributeName: "Cognito_Subject",
          ProviderAttributeValue: sourceProviderDetails.userId, // the user ID at the external IdP
        },
      };
      // await the promise form; an awaited call that is given a callback does not wait for it
      const result = await cognitoIdentityServiceProvider.adminLinkProviderForUser(linkParams).promise();
      console.log("Link result: ", result);
    }
    return event;
  } catch (error) {
    console.log(error);
    throw error; // let Cognito see the failure instead of silently continuing sign-up
  }
};

I can't seem to figure out the parameters for the AdminLinkProviderForUser API.
@meghanyao8906 2 months ago
super helpful
@securityinaction1018 2 months ago
Thank You!! Please like, subscribe & share!! Thanks in advance.
@marcosreyes9385 2 months ago
Thanks man! very useful video
@securityinaction1018 2 months ago
Thank you!! Please like, subscribe & share!! Thanks in advance.
@realmuzfi 2 months ago
Would you still choose web app if you're using React on the frontend?
@securityinaction1018 2 months ago
I think it is still required, assuming the React frontend will call Spring Boot REST APIs in the backend.
@gvoden 2 months ago
Hi, I don't know why but App Roles are missing from the configuration for app registration if I am registering the app in Azure B2C. Any tips?
@securityinaction1018 2 months ago
I am not sure. I still see it in my Azure developer account. If you are not seeing the option to add app roles, try manually modifying the manifest file to add app roles.
@gvoden 2 months ago
I modified the manifest and it worked like a charm
@gvoden 2 months ago
@@securityinaction1018 just a heads-up Microsoft's doc was updated to use the manifest vs app roles, so that has definitely changed but the rest of the steps are the same
@securityinaction1018 2 months ago
Thanks for sharing this detail. When I recorded this video, I remember Microsoft docs talking about modifying manifest instead of adding through the admin console. Since the console option was available, I used it at that point of time. But, looks like modifying manifest file is the right option.
@Lucard4433 2 months ago
Hello. Thanks for the video. Do you have source code for the Lambda function to test HTTP headers?
@securityinaction1018 2 months ago
You are welcome. Here is the code:

// ALB target Lambda: echoes the whole request event back as the JSON body,
// so the headers the ALB/authenticator forwarded can be inspected.
exports.handler = async (event, context) => {
  let response = {
    "isBase64Encoded": false,
    "statusCode": 200,
    "statusDescription": "200 OK",
    "headers": {
      "Set-cookie": "cookies",
      "Content-Type": "application/json"
    },
    "body": JSON.stringify(event, null, 2)
  };
  return response;
};

Please like, subscribe & share!! Thanks in advance.
@Lucard4433 2 months ago
@@securityinaction1018 Thanks. I am currently working on this in conjunction with oauth2-proxy on the ALB controller in EKS. I am trying to pass headers to an application "rundeck" that runs in EKS from oauth2-proxy, which also runs in EKS, but the app won't accept it. In the Rundeck application the settings I had to turn on from their documentation were:

rundeck.security.authorization.preauthenticated.enabled=true
rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
rundeck.security.authorization.preauthenticated.delimiter=,
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
#sync user info headers
rundeck.security.authorization.preauthenticated.userSyncEnabled=true
#these are the default headers for passing user details
rundeck.security.authorization.preauthenticated.userFirstNameHeader=X-Forwarded-User-FirstName
rundeck.security.authorization.preauthenticated.userLastNameHeader=X-Forwarded-User-LastName
rundeck.security.authorization.preauthenticated.userEmailHeader=X-Forwarded-User-Email

Any idea how I can pass oauth2-proxy headers from Okta to the upstream in oauth2-proxy? My setup:

provider = "oidc"
oidc_issuer_url = "mydev.okta.com"
email_domains = [ "*" ]
upstreams = [ "rundeck-backend.rundeck:4440" ]
cookie_secure = true
redirect_url = "mytestrundeck.com/oauth2/callback"
skip_auth_regex= "^/api/\\d+/webhook/"
pass_authorization_header = true
pass_user_headers = true
set_xauthrequest = true
oidc_groups_claim = "groups"

Thanks!
@securityinaction1018 2 months ago
Unfortunately, I don't have knowledge of EKS and Rundeck.
@daremondlars 2 months ago
Thanks so much for the lesson, but if possible do a tutorial using a custom UI sign-in flow please.
@securityinaction1018 2 months ago
You are welcome!! I will surely look into this custom UI sign-in flow and try to post a video. Are you referring to the Cognito custom login page UI? Please like, subscribe & share!! Thanks in advance.
@daremondlars 2 months ago
@@securityinaction1018 Yes, and no. I'm referring to integrating an OAuth federated sign-in experience using Google, or any other OIDC provider, and a custom UI (e.g. a React or Vue.js custom login page) using Cognito. In your example you used the hosted UI from Cognito.
@nikhilk2874 2 months ago
How to do the mapping of groups from Okta to Cognito?
@securityinaction1018 2 months ago
You need to make some configuration changes in Okta and pass the groups scope from Cognito to Okta. Please refer to this document developer.okta.com/docs/guides/customize-tokens-groups-claim/main/ Please like, subscribe & share!! Thanks in advance.
@codingbell 2 months ago
very helpful. Thank you!
@securityinaction1018 2 months ago
You're welcome! Please like, subscribe & share!! Thanks in advance.
@rajkumarwinc9372 2 months ago
🎉 Hi, I really like the way you explain. Thanks for that. One doubt! Can you please let us know how to fetch the access_token, refresh_token, id_token, expires_in details etc. when the user is authorised?
@securityinaction1018 2 months ago
Thank you!! I was planning to post a video on that and it is still pending from my side. I will post and let you know. Please like, subscribe & share!! Thanks in advance.
@rajkumarwinc9372 2 months ago
@@securityinaction1018 Thank you for your quick reply. When can we expect the video? I need to implement it in my Spring Boot 3 app. Thanks in advance.
@securityinaction1018 2 months ago
I will try my best to post it in the near future.
@sameeramadushanka834 3 months ago
Thanks for the well-explained demo on the OpenID Connect flow. This is invaluable in understanding what happens in the flow, with the ability to see the data exchanged. Also, a plus for the simple and clear demo setup. I'm trying to authorize using AD groups by setting claims.groups: groups and enabling Azure App group claims, but I'm still not successful. Can you explain that flow?
@securityinaction1018 3 months ago
Glad it was helpful! Are you trying to get the Azure AD groups claim in the ID token? Please like, subscribe & share!! Thanks in advance.
@sameeramadushanka834 3 months ago
@@securityinaction1018 I managed to get it done with Azure AD groups. There I used claims.groups: roles in the Elastic user settings and the sAMAccountName / "Emit groups as role claims" options in the Azure App registration token configuration.
@securityinaction1018 3 months ago
Are you trying the same scenario with Active Directory groups?
@sameeramadushanka834 2 months ago
@@securityinaction1018 I wanted to authenticate the Azure AD group users to Elastic cloud. I managed to figure out the issues and my config is working now.
@ScoobyDoo-ct9nd 3 months ago
Explained very well and really excellent!!!
@securityinaction1018 3 months ago
Glad you liked it!! Please like, subscribe & share!! Thanks in advance.
@DrFrancis1686 3 months ago
Awesome video, thanks a lot!
@securityinaction1018 3 months ago
Glad you liked it! Please like, subscribe & share!! Thanks in advance.
@user-my9fm2ls2f 3 months ago
Nice video. Please can you do a tutorial on AWS IAM auth and authz for junior level, please? I've subscribed to your channel.
@securityinaction1018 3 months ago
Thank you for subscribing. I will surely consider this and post a step by step video on how to use IAM Auth for APIGW.
@SamuelGiwa-su4cj 3 months ago
How do you increase the authorization flow code limit size?
@securityinaction1018 3 months ago
Are you referring to the length of the authorization code?
@vivekgowda1576 3 months ago
Thanks for the great tutorial. There is a scenario where the user should be created by Google in Cognito. We have created the user (manually or via API). We just have to do Google SSO on existing users. Is this possible?
@vivekgowda1576 3 months ago
@securityinaction1018 Hi, could you please look into this? I do not want to create a user name with google_random number. I want to create my users and then do auth.
@securityinaction1018 3 months ago
Yes, you can link the federated user, i.e. the Google user, with the local user which was created before the user logged in for the first time. This can be done when the user logs in for the first time through Google. Take a look at this documentation docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html Please like, subscribe & share!! Thanks in advance.
@vivekgowda1576 3 months ago
@@securityinaction1018 Thank you. Do you have any video tutorials regarding this to understand it in an easy way?
@securityinaction1018 3 months ago
I don't have it at this point of time. But, I will try to post it in future.
@Geeksrik 3 months ago
Could you please ensure to keep your mic close by, as we lost audio in some parts. Otherwise great tutorial.
@securityinaction1018 3 months ago
Thanks for the feedback. I am constantly trying to improve the quality of the videos and will try my best.
@codingjoshi 3 months ago
I did something like this from the official quick-start guide from Auth0:

@GetMapping("/test")
public String getChangelogs(Model model, @AuthenticationPrincipal OidcUser principal) {
    //code...
    model.addAttribute("user", principal.getUserInfo());
    return "testsite";
}

How can I now get the Authorities? I want something like @PreAuthorize()... tried everything but nothing worked. Do you eventually know how I can do this?
@securityinaction1018 3 months ago
Make sure you add the annotation @EnableMethodSecurity for @PreAuthorize to work. Refer to this doc docs.spring.io/spring-security/reference/servlet/authorization/method-security.html
@vivekgowda1576 3 months ago
We do not configure the OpenID identity provider in Cognito? Is this fine in a real-time application?
@securityinaction1018 3 months ago
Can you elaborate? How is the authentication happening in your app?
@vivekgowda1576 3 months ago
@@securityinaction1018 I have created my own OpenID provider application using OpenIddict (it is a new separate application for SSO). I want to configure this in Cognito as an identity provider. Is this possible? We have tried but are getting some errors like state: eb3625f9691a434b9534830ae4f623cd error: invalid_request
@securityinaction1018 3 months ago
So, are you trying to configure the custom OIDC provider as an external OIDC identity provider in the Cognito user pool?
@vivekgowda1576 3 months ago
@@securityinaction1018 yes correct.
@securityinaction1018 3 months ago
That should work. Make sure the custom OIDC provider follows the OIDC spec. Please make sure the token endpoint and userinfo endpoint work as expected.