Nobel Prize-winning physicist, Richard Feynman had once said: “You know you have mastered a skill, when you can teach it to a child”. Why? Because it forces yourself to understand the concept at a deeper level and simplify relationships and connections between ideas. Great Job Koushik! Thanks.

*Timestamps* 0:00 Intro 1:34 Term 1: Resource 2:24 Term 2: Resource Owner 3:14 Term 3: Resource Server 3:52 Term 4: Client 5:00 Who has the burden of security? (Ans: Resource Server) 6:51 Term 5: Authorization Server 7:54 OAuth Flow 1 *Authorization* *Code* *Flow* 14:09 OAuth Flow 2: *Implicit* *Flow* 15:50 Drawback of Implicit Flow 18:30 OAuth for authorization between services 19:24 OAuth Flow 3: *Client* *Credentials* *Flow* (for microservices) 22:20 Wrap-up

I just don't understand why some people would thumb down on this tutorial. In fact, all the tutorials from this channel are excellent. I learned a lot from them

The tutorial is too good to having clearer view on Oauth flows. Hats off to the author

Hands down the best style of introducing technical material, that I have ever seen. Your videos are so easy to follow. I'm glad you start with concepts and examples, before going into the jargon.

He made this so simple. He knows the art of teaching.

Thank you!!!! I never know what "client" site means until now. There are so many things on the internet, and unfortunately people just assume it's common knowledge and don't bother explain them, which makes the process so much harder and frustrating. Thank you for taking the time

You are the best java channel out there! great job!

Always... best tutorials from Java Brains.

Thanks Kaushik , This series on OAuth2 is amazin

I must thank you for making me understand it in a better, simplified way. Your deep understanding on the topic is adorable. Once, again thank you

Amazing explanation. Hope my son in college gets a "resource" (professor) like you. God Bless You

Accidently found one video by Java brains, and this is my fifth video back to back, so additive ( things I understood in past with partial knowledge and getting confused time and again, explained o me here like a baby). I have seen many videos but no one explained like you did. Thanks a ton. Please put a link where views can make some donations if they are happy. I would love to do that

Your style of explanation / teaching is really top-notch! Great work

You are a master of many concepts which many people want to learn.Kudos to You Kaushik.

You are a lifeSaver Man. Thank You so Much Sir.

Very well explained. One of the best videos that explains OAuth

Man, you have a gift for clearly explaining things, thank you very much for theses great videos.

Wow ...trust me i have seen 10+ videos on this topic on KZbin. But the way you are explaining... someone who is from commerce or arts background also will understand everything..😛

Thanks for making it simple to understand the big concept .

Thanks! I'm from Belarus and sometimes to hard to parse bad pronunciation, but yours is very clearly. Very useful explanation, one of the best learning channels!

Very good and crystal clear explanation with good analogy. Thanks for sharing this core concept

Thank you for your great efforts . you are the best to simplify such complex concepts

This is an awesome explanation. It just had what I wanted to clarify.... Thbskd watching this video. thanks and kudos to you sir

Respect for making such a video ! Superb skill of teaching.

Explained very well. Thank you for clearing this concept

Thanks Koushik. Got to learn more about OAuth in meaningful and useful way. Please keep teaching more.

Thank you very much again for this clean explanation. I appreciate you very much.

Great stuff man You helped clear my interview. Got the offer from company 🔥

Excellent explanation in details..!! Thank you..:)

Great explanation! Thank you dudee✨

Great job, with you its easy to understand !

Brilliant explanation 💯💯

Finally found an Indian that makes sense :) Thank you! Subscribed.

Crystal clean concepts as always :) Thanks Koushik!

best explanation of oauth. thank you very much

You made this topic very easy to understand.. nice 👌

Thanks Kaushik. Amazing video with the right set of analogies used at the right place. Kudos. 👍

Amazing lesson JB once AGAIN..great stuff!!

Your videos are a blessing! Thank you!

Love the way the topic is presented!

Loved your awesome explanation!!

Superb Koushik. Really helpful. Thaks again.

You are amazing bro. Thank you for everything

awesome tutorial !!! It got a great understanding on this topic and it clarifies my doubts too. thank you.

wow...very good explanations...i really enjoyed your teaching style!!..Thanks for making such a good efforts!

I really loved it... the way you explained and it is clear and emphasizing examples !!!

Excellent explanation, before this video series, i always afraid about Spring Security. many thanks

Amazing presentation skills 👍

Thanks Kaushik , was eagerly waiting for this video

great respect, It is an easy to start tutorial.

very nice video. Doupts are cleared. Subscribed and liked. 👍

I think this is one of the best explanations so far. Is there a similar video on SAML and OIDC flow on your channel?

Thanks for the effort, very well explained.

Great job. Thanks a lot for making this video.

Love the explanation and teaching

Wow, amazing explanation 🙏

This explanation is amazing. Thanks!

Awesome video, thanks !! Can you also cover concept of challenge in OAuth, and how enterprise SSO works with OAuth.

Thanks very much 🥰. Please make others vedio about spring boot very very very advanced

Thanks Kaushik for such a wonderful video very clearly explained like you always do. I just wanted to know why implicit flow is less secured?? although in both kind of flows(authorization and implicit flow) client application has access token which can be used to access the protected resource from resource server.

Nicely explained. Just one point to add..the exchange of token in authorization flow happens from a server to a token end point. The call is not from browser.

You, sir, are a legend.

This is a great tutorial. Thanks

Very well explained, thanks

Very nice introduction sir. I love your teachings. It helps me so much in understanding complex concepts which seems very difficult to me before. Sir, as honest request, can you please teach the implementation (demo) on the three flows you mentioned in this tutorial. Please sir👏 And thanks so much for these lessons.

very nice tutorial, thanks so much

it will be great if you start a series on SOLID and Design Pattern in Java/any oops language. I know there are lots of material out there on internet related to these but I believe your way of teaching style will help out lots of ppl. and if you do please try to make each SOLID principle example not related to each topic. Thanks

The idea of picturizing the concepts and telling a story to explain the concepts is extremely helpful and captivating sir! Thanks a lot! I derive immense sense of satisfaction on viewing your videos. Any such videos on docker and kubernetes please?

Dude knows how to teach!

Awesome Explanation !!

You are a supreme teacher!

best explanation for me

Hi Kaushik. Thanks a lot for providing such great content. You are doing great service to the community. Can you please release few videos on saml as well ? What is saml and how does it differ from oauth and how to implement it using spring boot .

Example of Valet is awesome...

Thank you, thank you, thank you for your wonderful explanation! I have a question about the authorization code flow: in the step 5 the authorization server sends the authorization code directly to the client, while searching on the web I found that the authorization code seems to be sent to the user which then gives it to the client that exchanges it with the authorization server for the access token: is it correct? Maybe you didn't mention this extra step in order to keep the explanation simple, but it would help me to better understand the difference between the authorization code flow and the implicit flow

Thank you so much for explaining it so beautifully

Hello, Thank you for your great efforts, could you please cover sso with active Directory and Apache server ?

your tutorials are awesome ....

Excellent content! Kudos my friend

Superb explanation

Thanks for the tutorial. Please make another one on OpenID Connect protocol.

Thank you sir, could you please cover open id connect as well.

Excellent tutorial!!

Well explained. Thanks!

Great style to explain!

The main point missed in 10:54 is that Auth token goes through the resource owner browser while Access token does not. So the resource owner never sees the access token in the Authorization code flow

You are the BEST!

Thanks, very helpful video! A few questions on the third flow, Client Credentials: 1. You mention that micro service 2 has an authentication server. But in the terminology we only talked about an authorization server--is this indeed a different thing, or did you mean to say authorization and not authentication? 2. In the second step, after MS1 goes to the MS2 Auth server, it receives an access token for, you say, only the API calls that it should have access to. But how does the auth server know what MS1 should have access to? My guess here is that this is indeed an authentication server, and that the server is meant to know ahead of time who MS1 is and what kind of access it should have, and that this is what is meant by a super trustworthy client, but I'd like to confirm if this is correct.

Describing Oauth 3 base workflows is good.

I am little bit confused who use of 2nd key will make it more secure. .. from first key I get the second key , if first key is insecure then can one can grab it and get the 2nd key .. o r it is just that from first key you have to get the 2nd key only 1 and in very short time, something like this. First key also can be get transferred to via https, so how it becomes insecure ?

Amazing explanation

if oauth was poetry it would have been this tutorial ♥♥

At 21:48 will microservice 2 check the token from microservice 1 with Auth Server?

Thank you for this. What is the best way to store the access token, refresh token, ... in your node layer for later to use? How to know if the user is still logged in so we don't ask them for credentials if they close the browser?

Awesome Video as usual from Kaushik. One thing just want to clarify a point (21:45) Micro service 2 which does not know to validate a generated OAUTH by AUTH server, so it should call a AUTH server to validate a provided access token by MS1 is valid or not, if valid it will serve the purpose of a call. please correct me if i'm wrong. thank you.

Thank you very much for all the videos and well taught. Can you please post videos on spring security form validations like account locked and account expired. Thans in advance

thanks brother, good tutorial

Thanks for this brilliant tutorial. I had question though why did Client send AUTH token back to the Authorization server to get that ACCESS token in Flow-1?

I Like your OAuth explanation video. Great work..... :) Can you upload a video regarding Open ID Connect ??