How to secure SpringBoot REST APIs using AzureAD B2C OAuth2 scopes?

4,054 views

Security in Action 101

1 day ago

This video explains how to build a Spring Boot application from scratch and secure its REST APIs using Azure AD B2C OAuth2 scopes. It uses the OAuth 2.0 client credentials grant to obtain an access token from Azure AD B2C, then presents that access token as a bearer token when calling the Spring Boot APIs, where Spring Security validates the token and checks the scopes before the request reaches the controller.
Documentation referred :
SpringBoot Security : docs.spring.io...
AzureAD B2C Client credentials : learn.microsof...
#identity #iam #security #sso #oidc #idtoken #spring #springboot #openidconnect #java #javaprogramming #javasecurity #springsecurity #oauth #oauth2 #apisecurity #azure #azuread #azureactivedirectory #azureadb2c #oauth #oauth2
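
The following is an added example and is not the code from the video: a single-file Spring Boot 3 / Spring Security 6 resource server that does the server side of the flow described above. It assumes placeholder values that you must replace with your own tenant's (the JWKS URI and issuer of the B2C policy, the web API app registration's client ID as the expected audience, and the scope names `demo.read` / `demo.write`); the property keys `b2c.jwk-set-uri`, `b2c.issuer` and `b2c.audience` are names chosen for this example, not Spring or Azure conventions. It shows where the token is actually validated (signature, expiry, issuer and audience in the `JwtDecoder`, scope in the `SecurityFilterChain`), and maps either a space-separated `scp` claim or a `roles` list to `SCOPE_` authorities, since which claim a B2C access token carries depends on how the API app registration was set up.

```java
// Added example (not from the video): Spring Boot resource server that accepts
// Azure AD B2C access tokens and gates endpoints on OAuth2 scopes.
// All b2c.* property values below are assumptions; replace them with your tenant's.
package com.example.b2cdemo;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class B2cResourceServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(B2cResourceServerApplication.class, args);
    }

    // Assumed property keys; set them in application.properties, for example:
    //   b2c.jwk-set-uri=https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>/discovery/v2.0/keys
    //   b2c.issuer=https://<tenant>.b2clogin.com/<tenantId>/v2.0/   (the literal "iss" value of a real token)
    //   b2c.audience=<client ID of the web API app registration>
    @Bean
    JwtDecoder jwtDecoder(@Value("${b2c.jwk-set-uri}") String jwkSetUri,
                          @Value("${b2c.issuer}") String issuer,
                          @Value("${b2c.audience}") String audience) {
        // Signature is checked against the policy's JWKS; a token that fails here is rejected
        // with 401 before any controller code runs.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();

        // Default validator: exp/nbf timestamps plus an exact-match issuer check.
        OAuth2TokenValidator<Jwt> issuerAndTime = JwtValidators.createDefaultWithIssuer(issuer);

        // Audience check: a token minted for another API in the same tenant has a valid
        // signature and issuer, so without this it would be accepted.
        OAuth2TokenValidator<Jwt> audienceCheck = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(audience));

        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerAndTime, audienceCheck));
        return decoder;
    }

    // Map token claims to Spring authorities with the SCOPE_ prefix. Decode one real token
    // from your tenant to confirm whether permissions arrive in "scp" or "roles".
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>();
            String scp = jwt.getClaimAsString("scp");          // space-separated string
            if (scp != null) {
                for (String s : scp.split(" ")) {
                    authorities.add(new SimpleGrantedAuthority("SCOPE_" + s));
                }
            }
            List<String> roles = jwt.getClaimAsStringList("roles"); // JSON array
            if (roles != null) {
                roles.forEach(r -> authorities.add(new SimpleGrantedAuthority("SCOPE_" + r)));
            }
            return authorities;
        });
        return converter;
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http,
                                            JwtAuthenticationConverter converter) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Scope names are assumed; use the ones defined on the B2C API app registration.
                .requestMatchers(HttpMethod.GET, "/api/demo").hasAuthority("SCOPE_demo.read")
                .requestMatchers(HttpMethod.POST, "/api/demo").hasAuthority("SCOPE_demo.write")
                .anyRequest().denyAll())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }

    @RestController
    static class DemoController {
        @GetMapping("/api/demo")
        String read() { return "read OK"; }

        @PostMapping("/api/demo")
        String write() { return "write OK"; }
    }
}
```

To exercise it, obtain a token with the client credentials grant (POST `grant_type=client_credentials`, `client_id`, `client_secret` and a `scope` of the form `https://<tenant>.onmicrosoft.com/<api>/.default` to the policy's `/oauth2/v2.0/token` endpoint; the placeholders are yours to fill in) and send it as `Authorization: Bearer <token>`. A token with the wrong issuer, audience or an expired `exp` gets 401 from the decoder; a valid token without the required scope gets 403 from the filter chain. The issuer is compared as an exact string, so a value copied from documentation with `{tenantId}` left in will never match, and a trailing slash must be present or absent exactly as in the token's `iss` claim.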

Comments: 28
@securityinaction1018 8 months ago
Please subscribe to this channel for regular updates kzbin.info/door/EEayyyCrJO94FYlzF0NLTg Thank you for the support.
@shikhinmisra8671 2 months ago
I don't know why your videos have so few views. I have been learning from YouTube for 15 years but never found anyone creating POCs by referring to the actual documentation. Your approach really gives a lot of confidence! Needless to mention that the topics you cover are really difficult to find elsewhere. Great content!
@securityinaction1018 2 months ago
Thank you so much !! I will keep trying my best to post quality videos. Please like, subscribe & share this video / channel !! Thanks in advance.
@akhilkumar872 18 days ago
Perfect timing. Please share the GitHub repos too for future videos, it would be awesome.
@securityinaction1018 18 days ago
Sure. Please like, subscribe & share this video / channel !! Thanks in advance.
@papidulzuratravel8715 a month ago
You just helped me immensely with a current issue! ❤
@securityinaction1018 a month ago
Glad it helped!! Please like, subscribe & share this video / channel !! Thanks in advance.
@CalmFirst-p3y 6 months ago
This was an excellent video, thanks for sharing it!
@securityinaction1018 6 months ago
Thank you. Please like, subscribe & share!! Thanks in advance.
@ViswanathTumbalamGooty 3 months ago
Good video. One quick question: in step 4 you said that the token will get validated. How and where does the token get validated?
@securityinaction1018 3 months ago
All these validations are taken care of by Spring Boot security classes. You can customize this, which is generally not required. Refer to this documentation for more details: docs.spring.io/spring-security/reference/servlet/oauth2/login/advanced.html#oauth2login-advanced-idtoken-verify Please like, subscribe & share this video to support this channel !! Thanks in advance.
@helencode a month ago
What is the difference between Azure AD B2C and Entra ID in configuration, and which one should I use? Thank you.
@securityinaction1018 a month ago
Here are some links which will clear the confusion : learn.microsoft.com/en-us/answers/questions/1556632/confusion-around-azure-ad-b2c-vs-microsoft-entra-e learn.microsoft.com/en-us/entra/external-id/customers/faq-customers#is-microsoft-entra-external-id-a-new-name-for-azure-ad-b2c Please like, subscribe & share this video / channel !! Thanks in advance.
@christianrazvan 8 months ago
Some of the blades are missing in Azure B2C
@harshats1 3 months ago
How to change the "exp" JWT claim in Azure Entra ID?
@securityinaction1018 3 months ago
You can try changing the token lifetime as mentioned here learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes and that should change the exp claim accordingly. I have not tried that. But, I think it should work. Please like, subscribe & share!! Thanks in advance.
@satyarajGovindaDas 6 months ago
Great video and explanation. Though the Azure portal has a few changes compared to this video, the concept remained pretty much the same. I followed everything as per your video and verified with the Azure documentation too, but I'm getting Invalid grant type (value=client_credentials). Please help to resolve.
@securityinaction1018 6 months ago
Thank you. Please check if "accessTokenAcceptedVersion" in the manifest file is set to 2 as mentioned in this document learn.microsoft.com/en-us/azure/active-directory-b2c/client-credentials-grant-flow?pivots=b2c-user-flow#step-2-register-an-application Please like, subscribe & share!! Thanks in advance.
@satyarajGovindaDas 6 months ago
@securityinaction1018 Yes it is. All the steps mentioned in your video and the Azure documentation were followed strictly.
@securityinaction1018 6 months ago
It's pretty difficult to debug without seeing the setup. One more thing I can think of is the "Application ID URI" as mentioned in this document learn.microsoft.com/en-us/azure/active-directory-b2c/client-credentials-grant-flow?pivots=b2c-user-flow#step-11-define-web-api-roles-scopes. Please make sure it is configured as mentioned in the video.
@satyarajGovindaDas 6 months ago
@securityinaction1018 Yes, verified and even recreated the Application ID URI with a new unique ID. Still no luck.
@securityinaction1018 6 months ago
If it is fine, please share the curl command. Make sure the client ID and client secret are not exposed in public comments.
@ScoobyDoo-ct9nd 6 months ago
Explained very well and really excellent!!!
@securityinaction1018 6 months ago
Glad you liked it!! Please like, subscribe & share!! Thanks in advance.
@johannesmarais2755 2 months ago
Great video. I am getting the following exception when adding the issuer found in the token: "Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of: registeredDomain/{tenantId}/v2.0/"
@securityinaction1018 2 months ago
It looks like a wrong issuer. registeredDomain/{tenantId} are placeholders. You need to replace that with the actual values. Please like, subscribe & share this video / channel !! Thanks in advance.