It would have been less confusing if the names used were non-generic. "client", "spring" as values create confusion - one doesn't know at first glance if it is a user defined value, or something that you have to use as is. "client" and "spring" also happen to occur in property keys - not just here but in the larger spring/java ecosystem which adds to the confusion. Had to watch it back and forth several times to make sense.

Hi Josh, awesome video as always. Would it be possible to extend this example to multiple different identity providers in the authorization server and how would this be done, since the idp will generate the token but the client will validate against the Authorization Server?

Very relevant, thank you!! Just finished my own KZbin series building a web app using Google Sign-on JWTs as my authorization server with Spring Boot/Spring Security as my resource server. I'd like to extend the series to include a custom Spring Authorization server :)

followed this to the letter but for some reason I am getting a whitelabel "/error" is there something I am missing? its saying too many redirects 🤔

Thank you very much. That's very useful. Seems it doesn't work well with all the projects upgraded to latest spring boot version. Just leaving the oauth client not upgraded will work though

so in a typical setup, i would need 3 server instances ? 😑 1. spring-auth-server 2. spring-resource-server, 3. spring-oauth-client. can i not just have (1) and (2) only ? the client is mobile app

I would love some kind of tutorial on how to set up a client credentials grant / flow authorization server

Great video Josh. My use case is internel app eg APIs -> gateway -> resource server. Can I use the oauth2 server in this scenario?

Doest Spring Authorization server support SAML protocol?

Hey Josh, you are the man as usual....although I do have 1 question, how does the user logout? Cheers

I cut and pasted all the config text in the application.properties files and see this white label error page: Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback. Thu Dec 19 22:58:27 PST 2024 There was an unexpected error (type=Not Found, status=404).

Josh, where can I buy this t-shirt? Great video!!

thank you very useful

Would it be possible or you to implement PKCE

where in code authorization code is exchanged with access token?

Great video thank you!

In the client application, It is giving me error "Unknown provider ID 'spring'"

where is the URL to a github copy of sample project ?

"on my second favorite place on the Internet", 😂😂😂 always

Hi again, one question, if somebody can help me... I have a front end with a HTML login, is possible use this HTML login to validate into authorization server, instead of default login page of authoritzation server? I don't customize the login page, I want use login HTML of my frontend. regards

This is great

consent page is not coming. in my case after login directly it is show response with {"message" : "Hello, one"}

much helpful thank you :) 77th like

Please share your code

if you speak "slower" , it could help non-english speakers to understand you better.

Please lose the "30 seconds later" animations. They are only annoying, adding nothing to the video.