Thanks Angie. Spring security OAuth usage a template for redirect-uri `{baseUrl}/login/oauth2/code/{registrationId}`. Check the link for more detail docs.spring.io/spring-security/site/docs/5.2.x/reference/html/oauth2.html#oauth2login-sample-redirect-uri

I'll try to create one but my blog is coming around that. I'll share the link once it's out

Hi Ajay, Sorry I was occupied in something else. I've created new blow regarding the JWT based token store. jsblogs.github.io/spring/2020/08/23/Spring-security-using-OAuth2-with-angular-js-JWT Do let me know your comments

Thanks Ramnivas, You cannot validate the token with the providers as the token was generated by our application and the provider is not aware of that token. You can use automated deprovisioning solution. Read docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-revoke-access#best-practices for more details

@@JSBlogs thanks for the reply. my idea is creating Authorization server with azure ad and resource server. my doubt is how authorization server will validate AD token, which requested from resource server api

I believe the token is not being sent with the post request.

Looks like the JWT is not generated correctly. Can you share the JWT token

@@JSBlogs I solved my problem with login(I didn't restart frontent and get old token), Thanks

Do you mean custom Auth server? Like spring Authorization server ?

@@JSBlogs yes, I mean as we are using facebook or google client authorization server to login along with that how can we implement our own authorization server to login in spring security 5.

Ok I'll create either a video or blog post around that meanwhile you can read few of the blogs here jsblogs.github.io/ Thanks for reaching out

@@JSBlogs thank you for your time . Actually I am building a NGO web app with angualr 9 and spring boot so I am finding difficulties with spring security 5 for custom login.

@@itsmevijach2375 is there a requirement to use oauth with custom Auth server or can you go with simply form based login or just jwt based login ?

Thanks Ansari, I've already covered azure with third party oauth flow and written few blogs around that jsblogs.github.io/ But I'll create one video specific to this usecase

Why do you set empty SecurityContext? Can you explain me your use-case?

@@JSBlogs no this was happening post controller request... i got confused. If we want to implement logout how to do it? simply removing the token from session storage? what about token removal from token store?

Try putting @Primary on your bean

Hw will @primary solve these issue??

As we configured redirect_uri ..so for pre flight options request also its getting redirected..which should not be the case..so getting preflight request doesnt pass access control check..redirect is not allowed for a preflight request

Is there any way..we can connect once??

I'm available tomorrow we can connect over the Google meet

I've not explore with Webflux yet but will give it a try.

did you configure /login or /auth url as permitAll?

@@JSBlogs yeah same files I copied from your github repo

is there any chance that we can do zoom and you can help me out. I am literally working on it from last 20 hrs

Let's connect tomorrow

Sunday 11am

Thanks Deepak, Thanks for your feedback. Will record a video for the same. Would you mind explaining a bit more about "download use any MAP"?

@@JSBlogs I am really sorry it was typo error. I meant don't use HashMap(Map) . try to make a video with production ready code. because I have seen in multiple videos where people are using inmemory so just avoid to use this kind of thing and explain the concept and coding which can be used in production environment.

I am intentionally generating the new token (specific to the application) and the token I got from GitHub is stored in-memory (in HashMap) 15:49. The reason I am doing this because the token I got from GitHub contains details specific to the user currently logged-in. And in case I need to add additional details (like user id in our system, other user related info or tenant info in case of multitenant app) I need to create a new token

Ok, so how shall I have to pass the token received from GitHub to the Angular storage?

@@rakshita3946 Autowire a bean of `OAuth2AuthorizedClientService` and then use below method public String getAccessToken() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if(authentication instanceof OAuth2AuthenticationToken) { OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) authentication; String registrationId = token.getAuthorizedClientRegistrationId(); String principalName = token.getPrincipal().getName(); OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(registrationId, principalName); return client.getAccessToken().getTokenValue(); } return null; }

Or if you want it to store at the time of login success then add a event listener and handle `AuthenticationSuccessEvent`. This event will have Authentication object and then call below method on authentication ((OAuth2LoginAuthenticationToken) authentication).getAccessToken()

@@JITTUBISHT yes, will try both the approach

If you follow this approach then make an API call to the backend with the token and remove it from the token store

Let me know if you need a code sample

@@JITTUBISHT Can you please share the sample?

Sure will do

It's angular 8. (Sorry I'm no expert in front-end tech)

Can you share the stack trace?

Could you please share the logs or browser screenshot which shows the error message. If possible please share the security config as well

Hello JS blogs thanks for your reply. I would like to send you but I cannot om youtube. Can you tell me another way where I can provide you Screenshots?

Hi Hassan, You can email me at info.jsblogs@gmail.com

same error here

any answer on how you fixed it?