+Jason Poley thanks Jason

+Rafal Otwinowski thank you rafal. cheers

glassdoor also can be resource server. By using Key cloak or amazon cognito you can create your own Auth server and Resource sever. Resouce server will decide what api i should expose to client on the basis of role configured in Auth server. If your application is fetching data of glassdoor and showing some reports. Then glassdoor can be resource server for your application. You can configure same in Auth server created by you.

protocol is a standard. framework is a opinionated way of doing something/an implementation

HI Rafal, completely agree with your explanation.Thanks for the detailed explanation.

+Lince Thomas thanks lince

Yes, same idea. Otherwise, there will be a confusion of 'Client' being a user or a user's browser.

+Kamran Ali my pleasure Kamran. I'm Ajay

1 is a protocol, 2 is a framework. 2 is less secure.

I think Rahu and Mangal are not in their lagna. Donate 10kg grass to Cow for 1 month and your issue should be resolved.

+Eric Jonas Hi Eric, Your usecase is an awesome example of how enterprise firms handle authentication in their built in systems which are handled by multiple teams. If you go for JWT+https, you should be ok. However to solve the user namr password validation everytime, what you can do is create a token from ur auth server and use it. But its upto you to choose which ever best suits for ur usecase. I will tell the advantage of token based system in enterprise: Every app should connect to Auth server to create a token. All other server side apps can validate the token with AuthServer for every request provided by the client. The only downside of passing username n password everytime is the safety. Even if 1 request is hacked, your username is fully exposed. Drop me a mail @ techprimerschannel@gmail.com, i will add u to thr slack community. You will get suggestions from most of viewers of this channel

Thanks for replying back. Yeah, also email you too. As for this "The only downside of passing username n password everytime is the safety. Even if 1 request is hacked, your username is fully exposed." How can someone hack a JWT token? Is that possible? And what do you recommend? I hope can custom build via Spring 4 instead of using some open source or paid 3rd party solution. Example, Keycloak... as most of my end users are still using IE8, based on the project contributor may not be able to support due to the JS library. Unfortunately they will still use IE8 for next few years. Any tips? Thanks.

Noted

I appreciate the video. I do however think the video should probably be removed after reading the rest of the comments here because unfortunately it does appear the knowledge gaps here are too much and in fact it appears that there's actually too much incorrect data being told here also. I still will give a thumbs up though and will subscribe to see if you put a new one out. Signatures - ensures the data wasn't modified during transfer. Encryption - prevents unauthorized parties from reading the data. Here's a .pdf I got my hands on a couple of days ago if anyone reading this comment is very interested in learning about JWT. I haven't gotten my hands on one for OAuth yet so can't help there :) assets.ctfassets.net/2ntc334xpx65/o5J4X472PQUI4ai6cAcqg/c0f09bd6d2ec494462ea684ab065781d/jwt-handbook-v0_14_1.pdf Good luck to everyone

I think Rahu and Mangal are not in their lagna. Donate 10kg grass to Cow for 1 month and your issue should be resolved.

Atleast we speak english.. think this was in chinese:)