I'm so glad it helped you. I've also struggled a lot with this configuration 😅

Thank you Alisher!

Thank you so much! The best option is to have Maven profiles and have two Spring Security configurations that load depending on the Maven profile

So glad it helped you!

Let me read more about this pattern. I've never worked on it

Thanks for watching Hamed!

Thank you!!

I have a playlist dedicated to deploy the backend to AWS, using the artifact or a docker image. For the frontend, i deploy it directly to S3, bit.ly/402muTc

This DTO is the user's information that come from Google. You can read some information like the name, email or phone number if the user accepts to share it.

@@TheDevWorldbySergioLema ok, so it means that the authentication process with Google has nothing to do with the way my users are registered in my backend registration service. If so, then how does Google Knows that the user with given email is authorized to access my app ?

The way I show in this video, I allow all the users of the world with a Google account to log in the application. If you want to restrict the access, there are several ways: * in the Google client application, configure the emails/users which have access * in your application, have a table which lists all the users which have access to your application. Add another filter in Spring Security which checks if the user authenticated with Google is also present in your table.

Ok, il makes sens to me now. Thank you !

Something like this one: kzbin.info/www/bejne/npfIgKSsfd17hZo ?

You need to create two Spring Security Configuration beans, one for each and given them a priority.

I didn't use it, but you have a Refresh Token method in the Google API, cloud.google.com/java/docs/reference/google-api-client/latest/com.google.api.client.googleapis.auth.oauth2.GoogleRefreshTokenRequest. Let me know if it works for you!

Thank you@@TheDevWorldbySergioLema

Thanks!

The Client is the one which requests protected resources. The Resource Server is the one which has the protected resources. I don't understand what you mean by "why it has been changed by".

@@TheDevWorldbySergioLema thanks for the answer) I'm sorry, I only recently started to familiarize myself with this topic, so maybe I'm asking stupid questions, but I thought that it's better to ask them than not to ask them. I was wondering why you replaced the spring-boot-starter-oauth2-client dependency with spring-boot-starter-oauth2-resouce-server. Wasn't possible to leave spring-boot-starter-oauth2-client that was in the first part of the video?

Feel free to ask. First, I've used the client library because I had an integrated frontend with thymleaf. But in the second part, I've used Angular as a separate frontend. This time, I can't use the client library because Google has some extra concerns about the security. Instead, I use the resource server library, and the authentication (the part done by the client library) is done manually in the AuthenticationController.

@@TheDevWorldbySergioLema thank you very much))

You can create a dedicated endpoint to return the user's information

Yes, it's the same workflow.

The introspection uri is the real Google API URI, the one you must call to use the authentication requests. What do you want to integrate from the other videos? As this one is already a complete authentication system, where you don't need to handle the password.

I'm not sure to understand your alternative. Having the option to login with email/password OR with Google Login?

Thank you Adrian!

As described in the following question: stackoverflow.com/questions/72328214/angular-router-outlet-error-cannot-match-any-routes-url-segment it seems that you must respect the OAuth2 URL path. You can't use your custom URL segments

the error occurs after pressing the url that I retrieved from the back-end at the frontend component chapter 40:59

@@TheDevWorldbySergioLema the error is in the redirection to google login form

Is the redirect URL configured in Google the same as the one used in your application? Do you use the standard URLs or OAuth2?

@@TheDevWorldbySergioLema yes is Oauth2

Wow! That's a complicated use case. Let me investigate a little bit. Maybe in several videos

Practicing, practicing, practicing! There is no course better than create small projects by yourself.

Thanks to you for watching.

Thanks Sadiul!

With this solution, any user who has a Google account is authorized to access your application.

You mean Google returns a JWT with some information (not just a plain token)?

@@TheDevWorldbySergioLema Yes! With some information

I don't know Gustavo. Check this OpenID workflow: developers.google.com/identity/openid-connect/openid-connect I think you can find something useful. Let me know if you figured it out.

@@TheDevWorldbySergioLema ok, thank youu

I've been adding the frontend part (with Angular and React) to my old Spring Boot videos. Now it's time to move to the microservices videos 😉

The logout is a little bit more complicated. As it consists in a restful application, there is no way to know if the token was deleted from everywhere or not. Nevertheless, there are some options that I've described in this article: sergiolema.dev/2023/04/03/3-ways-to-invalidate-a-jwt-token-in-the-backend-side/

@@TheDevWorldbySergioLema thanks

Thank you!

Yes you can use it without Webflux. But you have to use another library to request the Google API (like Retrofit or OkHttp).

Oh yes? Those things get deprecated very quickly

I don't think you can control the expiration time. It's managed by Google. I saw in the documentation that the default expiration time is 1 hour. If you find more information, let me know.

Only with a JWT? Without an OAuth2 workflow? I've made video some time ago which allows an Angular application to login into a Spring Boot backend with a JWT: kzbin.info/www/bejne/j4bUmmR_n7GLbqs

@@TheDevWorldbySergioLema noo, OAuth2 (Google) and JWT

​@@TheDevWorldbySergioLema Noo, OAuth2 (Google) and JWT

The next one 😅

I'm sorry for that. But I don't understand why some of the custom configuration are needed, so it's harder to explain. Google has some special adaptations of the OAuth2 workflow

😅 At least 6 hours. Graphql is a topic I have in my todo list, but I never found the time to investigate it

It's the Google API URL, the same I've used in the video, www.googleapis.com/

​@@TheDevWorldbySergioLema how can i make frontend with only core javascript without any framework or library that's my university's requirements ... guide me brooo

I don't use any particular dependency in the frontend. I just use the Angular structure. With plain javascript, you can have a single HTML page with a piece of code in Javascript where you call the backend as I do in the video. The point will be to display different parts of the HTML page depending on the status of the connection (authenticated or not).

You're welcome!