1
00:00:00,210 --> 00:00:07,680
Now we have the client ID and client secret token in our hand, which we got during the registration of

2
00:00:07,680 --> 00:00:10,990
the client application with the GitHub OAuth2.

3
00:00:11,070 --> 00:00:17,310
So now let's try to understand what are the changes that we have to make inside any Spring application

4
00:00:17,310 --> 00:00:23,970
or Spring Boot application if you want to use Spring Security framework to leverage OAuth2 framework

5
00:00:24,240 --> 00:00:25,950
during the login of the application.

6
00:00:26,040 --> 00:00:33,720
So for the same, first we have to add this dependency inside pom.xml. Since in this application

7
00:00:33,720 --> 00:00:39,060
I'm just going to consume the server which is built outside my application,

8
00:00:39,240 --> 00:00:41,700
I have to use only OAuth2 client.

9
00:00:41,970 --> 00:00:48,420
But if we have a scenario where you want to build the auth server by yourself, then you can also import the dependency

10
00:00:48,420 --> 00:00:56,340
which is related to OAuth2 auth server. But now you can see we import only OAuth2 client, which is good

11
00:00:56,340 --> 00:00:57,630
enough in our scenario.

12
00:00:57,810 --> 00:01:04,170
And other than that, we should also import other basic dependencies like Spring Boot starter security

13
00:01:04,170 --> 00:01:05,290
and Spring Boot starter.

14
00:01:05,880 --> 00:01:11,130
So these dependencies will add all the required libraries that we need inside our Spring application.

15
00:01:11,310 --> 00:01:13,590
And you can see this is the Spring Boot application.

16
00:01:13,590 --> 00:01:18,150
And we have this is the main class with the name Spring Security or GitHub.

17
00:01:18,360 --> 00:01:23,370
I also have project configuration to use Spring Security.

18
00:01:23,380 --> 00:01:25,950
I'll come to this class again. Before that,

19
00:01:26,250 --> 00:01:33,450
in my project, I have only a single REST controller with the path slash. Like, if you can remember, inside

20
00:01:33,450 --> 00:01:39,420
the GitHub registration, we have given that the redirect to working as localhost adat.

21
00:01:39,780 --> 00:01:41,730
So we know that redirection happened.

22
00:01:41,880 --> 00:01:47,640
The request will come here and I made this path secured inside my configurations.

23
00:01:47,910 --> 00:01:54,450
Once authentication is successful, I'll be redirected to say goodbye to Yemen and secure that his team

24
00:01:54,450 --> 00:01:57,930
will simply display successfully logged in using GitHub.

25
00:01:58,080 --> 00:02:03,420
You can assume this secured attachment is a protected resource being inside my server.

26
00:02:03,660 --> 00:02:10,620
But if someone wants to use this particular resource, they have to complete the login into my application

27
00:02:10,919 --> 00:02:17,280
using the GitHub OAuth2. And at the same time, after successful login, for reference purposes,

28
00:02:17,280 --> 00:02:22,620
I'm also printing all the details that we are getting from the GitHub as well.

29
00:02:22,860 --> 00:02:29,340
Like my name, my email, my repository details, all those details we'll be getting from the GitHub

30
00:02:29,360 --> 00:02:30,220
OAuth2 server.

31
00:02:30,260 --> 00:02:34,400
So I'm not using them here; for our reference, I'm just printing it.

32
00:02:34,530 --> 00:02:40,200
If you go and check the configuration class, you can see this is the Spring Security configuration class

33
00:02:40,470 --> 00:02:43,050
and we override the configure method.

34
00:02:43,320 --> 00:02:46,980
And all this, you know, has to be addressed request.

35
00:02:47,160 --> 00:02:51,390
I'm saying any request inside this application has to be authenticated.

36
00:02:51,540 --> 00:02:57,270
In this scenario, I have only one REST controller, which is secure controller, and it has to be

37
00:02:57,270 --> 00:02:58,080
authenticated.

38
00:02:58,290 --> 00:03:01,530
And the login type that I want to use is the OAuth2 login.

39
00:03:01,680 --> 00:03:07,820
Like we have different types of logins, like HTTP basic, form login, and OAuth2 login is the other

40
00:03:07,830 --> 00:03:14,330
type of login that we are indicating inside our application, saying that I am going to leverage OAuth2

41
00:03:14,340 --> 00:03:17,970
framework. Due to that, we are mentioning OAuth2 login here.

42
00:03:18,090 --> 00:03:25,980
So whenever we add this OAuth2 login here, it will add a filter inside our security flow, which is

43
00:03:26,400 --> 00:03:28,520
OAuth2LoginAuthenticationFilter.

44
00:03:29,070 --> 00:03:36,570
Now we made configurations inside configure method to indicate that our secure controller is a secured service

45
00:03:36,810 --> 00:03:40,320
and everyone has to be authenticated using OAuth2 login.

46
00:03:40,590 --> 00:03:43,500
Now the next step is, for OAuth2,

47
00:03:43,890 --> 00:03:50,220
there are different components involved: user, client, auth server and resource server.

48
00:03:50,590 --> 00:03:55,980
So in this scenario, the resource server is this application itself and the resources that has secured

49
00:03:55,980 --> 00:03:57,890
the kids team and the user,

50
00:03:57,890 --> 00:03:59,520
or resource owner, is me.

51
00:03:59,700 --> 00:04:07,380
Whenever I try to access the secured attachment, I'll be asked to use my GitHub credentials to prove

52
00:04:07,380 --> 00:04:10,200
my identity by redirecting to that GitHub

53
00:04:10,200 --> 00:04:12,750
URL. And obviously, the client

54
00:04:12,930 --> 00:04:19,769
we have to register inside our application so that the client ID and secret will be sent to the auth server

55
00:04:19,769 --> 00:04:21,000
by this application.

56
00:04:21,240 --> 00:04:27,870
Once we register the client, we should also tell our application which auth server I am using, related

57
00:04:27,870 --> 00:04:30,680
to GitHub or Google or any other auth server.

58
00:04:30,930 --> 00:04:36,540
So we have to provide those server endpoint details, all those details as well. For the same,

59
00:04:36,820 --> 00:04:43,290
first, we have to list the client details inside this application so that the client ID and client

60
00:04:43,290 --> 00:04:48,270
secret will be leveraged by the application whenever it is interacting with the auth server.

61
00:04:48,450 --> 00:04:54,390
So there are three different ways on how we can register the client details.

62
00:04:54,840 --> 00:04:57,980
The very first and long approach is this one.

63
00:04:57,990 --> 00:04:59,970
Whatever you see in the commented code here.

64
00:05:00,210 --> 00:05:06,420
I just uncommented it for your reference. You have to write a method with the name client registration,

65
00:05:06,430 --> 00:05:11,040
and there is a ClientRegistration class available inside the Spring Security framework.

66
00:05:11,340 --> 00:05:15,360
In this ClientRegistration class, you have to pass the registration.

67
00:05:15,690 --> 00:05:21,450
So registration is something which indicates which company's or which organization's authorization

68
00:05:21,600 --> 00:05:23,320
server that I am going to use.

69
00:05:23,490 --> 00:05:28,650
So in this instance, since I'm going to use the GitHub auth server, I'm just mentioning the registration ID

70
00:05:28,650 --> 00:05:34,490
as GitHub, and client ID is the value that we get during our registration, and client secret

71
00:05:34,530 --> 00:05:39,610
also we get during our registration. Scope, like what are the scopes that we want to use, like whether

72
00:05:39,660 --> 00:05:45,270
to read or write, and what is the authorization URL, and what is the endpoint of the auth server belongs

73
00:05:45,270 --> 00:05:47,610
to GitHub, and what is the token URI,

74
00:05:47,610 --> 00:05:51,510
like to get the access token, and user info

75
00:05:51,510 --> 00:05:58,770
URI to get the details of the user, and what is the client name that we have given for our client

76
00:05:58,770 --> 00:05:59,760
application.

77
00:06:00,030 --> 00:06:05,610
And so the GitHub website and what is the authorization grant type that we want to use.

78
00:06:05,760 --> 00:06:11,610
And you can see here this authorization grant type has five different types of grant types.

79
00:06:11,610 --> 00:06:18,150
One is authorization code, implicit, refresh, client credentials and password, which is same as resource owner

80
00:06:18,270 --> 00:06:19,350
password credentials.

81
00:06:19,560 --> 00:06:23,490
And as we discussed, implicit is the one which is getting deprecated.

82
00:06:23,730 --> 00:06:24,750
So don't use that.

83
00:06:25,020 --> 00:06:29,430
We should always use any of the other four. And redirect

84
00:06:29,790 --> 00:06:31,320
URL also we can mention.

85
00:06:31,680 --> 00:06:35,760
But you can see here there is a lot of configuration involved with this first approach.

86
00:06:36,030 --> 00:06:39,600
So due to this reason, most of the folks there do not use this.

87
00:06:39,840 --> 00:06:46,380
But this approach is useful whenever you are building the auth server inside your organization only.

88
00:06:46,590 --> 00:06:51,720
But if we have a scenario where you are using the most common auth servers available in the industry,

89
00:06:51,990 --> 00:06:59,820
like GitHub, Google, Facebook, then there is a simple approach where you just have to create a client

90
00:06:59,820 --> 00:07:03,730
registration and leverage the CommonOAuth2Provider.

91
00:07:03,900 --> 00:07:09,380
So this CommonOAuth2Provider is a class which is provided by the Spring Security framework team

92
00:07:09,390 --> 00:07:14,780
itself by constructing the most common OAuth2 servers that we are going to use.

93
00:07:15,120 --> 00:07:19,980
You can see here for Google, they put all the configuration details:

94
00:07:19,980 --> 00:07:20,700
what is the token

95
00:07:20,700 --> 00:07:21,960
URL, what is the authorization

96
00:07:21,960 --> 00:07:25,590
URL and everything, even for GitHub, Facebook and Okta.

97
00:07:25,800 --> 00:07:31,380
So since all these details are available inside the framework, you don't have to take the pain of configuring

98
00:07:31,380 --> 00:07:31,800
again.

99
00:07:32,160 --> 00:07:38,460
So you just mention what is the auth server that you are going to use, like GitHub or Google, and you call

100
00:07:38,460 --> 00:07:45,540
getBuilder with the registration ID as GitHub, and client ID, you'll pass the value, that will go along

101
00:07:45,540 --> 00:07:48,660
with the client secret and eventually will call the build method.

102
00:07:48,870 --> 00:07:51,600
So this will return a client registration.

103
00:07:52,170 --> 00:07:59,340
Once we have this client registration values available, you should also create a client registration

104
00:07:59,340 --> 00:08:00,120
repository.

105
00:08:00,450 --> 00:08:07,830
Client registration repository is same as our UserDetailsService that we discussed previously in normal

106
00:08:07,830 --> 00:08:08,970
authentication flow.

107
00:08:09,210 --> 00:08:15,330
In the same way, in OAuth2 flow, we have a client registration repository which has a method find

108
00:08:15,330 --> 00:08:16,640
by registration ID.

109
00:08:16,800 --> 00:08:22,530
So this method will use the registration ID to get the client registration details that we configured.

110
00:08:22,830 --> 00:08:25,800
Like I configure GitHub, I configure Google.

111
00:08:25,950 --> 00:08:32,220
So based upon the registration ID at the runtime, it will get the client registration details by leveraging

112
00:08:32,220 --> 00:08:35,370
the values that we configured inside this method.

113
00:08:35,700 --> 00:08:41,370
And again, client registration repository, we can go with in-memory client registration repository,

114
00:08:41,580 --> 00:08:44,100
very client registration repository.

115
00:08:44,250 --> 00:08:47,880
But now I'm using here in-memory client registration repository.

116
00:08:48,210 --> 00:08:50,820
For that you have to pass the client registration

117
00:08:50,820 --> 00:08:52,410
previously you configured here.

118
00:08:52,710 --> 00:08:58,530
So since I'm keeping that, there had been so my framework is smart enough to detect, OK, I have a

119
00:08:58,530 --> 00:09:04,020
client registration repository, I have to use this with the in-memory client registration repository

120
00:09:04,020 --> 00:09:08,780
along with the configurations provided by the user under the method client registration.

121
00:09:08,970 --> 00:09:12,390
So again, this is also a and at that second approach.

122
00:09:12,600 --> 00:09:19,470
But if we have a scenario where I don't want to take all this pain and I want my client registration

123
00:09:19,920 --> 00:09:26,430
and client registration repository to be auto-configured by the Spring Boot, you can still simply go

124
00:09:26,430 --> 00:09:30,630
to the application.properties and mention these two values.

125
00:09:30,750 --> 00:09:37,140
So here you are indicating that you are going to use GitHub and this is the client ID and client secret.

126
00:09:37,740 --> 00:09:43,740
So whenever you mention these properties inside your application.properties, your Spring Boot is

127
00:09:43,740 --> 00:09:48,840
smart enough to create a client registration based upon this client ID and client secret.

128
00:09:48,990 --> 00:09:53,390
And it also creates a bean client registration repository for you.

129
00:09:53,610 --> 00:09:55,710
But again, this is only for GitHub.

130
00:09:55,890 --> 00:09:59,880
But if we have a Facebook, you just replace the GitHub value with the Facebook

131
00:10:00,060 --> 00:10:02,350
or Google in this location.

132
00:10:02,640 --> 00:10:08,580
You can also have a lot of properties that you can configure inside application.properties which

133
00:10:08,580 --> 00:10:15,960
you can always identify and use them by going through the Spring Security documentation.

134
00:10:16,260 --> 00:10:21,250
So I'll just show you that we can go to the Spring Security documentation website.

135
00:10:21,630 --> 00:10:24,000
So this is the URL, like Spring Security.

136
00:10:24,000 --> 00:10:30,870
I'm just seeing the docs of 5.2.x and OAuth2 docs and login, so you can see here if you scroll

137
00:10:30,870 --> 00:10:31,310
down.

138
00:10:31,650 --> 00:10:38,760
So these are all the properties that we can use in order to register OAuth2 details inside the property

139
00:10:38,760 --> 00:10:39,380
file itself.

140
00:10:39,420 --> 00:10:45,390
You don't have to manually create the client registration and client registration repository, but you

141
00:10:45,390 --> 00:10:47,560
can always leverage all these properties.

142
00:10:47,730 --> 00:10:53,120
So now we have done enough configurations inside our application. In the next lecture,

143
00:10:53,310 --> 00:11:01,290
let's try to start our application and see how our configurations to OAuth2 is working by logging

144
00:11:01,290 --> 00:11:02,310
into the application.

145
00:11:02,430 --> 00:11:02,910
Thank you.

146
00:11:02,920 --> 00:11:04,390
And see you next, bye.