Finally, Authorization Server. Thank you

nice, waiting for the full OIDC implementation. :)

Awesome presentation, leant alot.

Thank you for your presentation. Where can I find the hones-client and evil-client examples?

Thank you for your presentation. Can you show a details version about UserDetailsService implemetation with database authentication instead of in memory. Thanks

This is awesome!

Nice video showcase! I was wondering two things: 1) how should one customize the credentials or consent screen? 2) what if I want to delegate user authentication to another method beyond user/password (say, X509 cert or SAML or even another OIDC identity provider like Google Auth, behaving somewhat like an authentication proxy)?

Could you please share the codes?

Hi.. Looking for suggestions on implementing security on spring-boot microservices integrated with angular UI. I have an external identity provider(Ping Federate) to support SSO and all user roles/authorities are maintained in the application database. What is the best approach to secure APIs? If Oauth is recommended way, how to implement it(Stateless). Should the Authorization Server be customized to connect to the identity provider Authorization Server and generate tokens from the custom Authorization Server? or Oauth2 client should generate tokens by loading user details from the database after successful authentication with the identity provider?

Hello sir. I have this scenario. ServiceA that provides an angular app with data and ServiceA needs to be protected. That is fine, I made it a resource server, and had a separate auth server to handle authentication. But now, ServiceA additionally call another protected ServiceB and ServiceC. ServiceB & ServiceC both have their own separate authentication as they are different external companies. ServiceB & ServiceC are both a resource and an auth server which I heard there is nothing wrong with that setup. Now, given that ServiceA as a resource server needs to be a client and call another protected service itself, is there support for a service to be both resource and client at the same time? How do I handle this scenario I notice that once I add a dependency for oauth2-client, in the resource-server with appropriate configs, I always get a message acess denied ,Login with OAuth 2.0, when i try to access any endpoint of the resource server. Even after I authorised and got an access token.

Why endpoints like /authorize ... are kept in Client part of project. /authorize endpoint should be part of Authorization Server right ? Am I missing something here ?

Could you please post the links to the code samples used in the video ? Thanks

Won't there any problem to have an authorization-server and a resource-server in the same application?

Please do share the code examples

There is almost no information on how to get started, should have a separate sessions on attacks and all.