1
00:00:00,330 --> 00:00:07,050
In the previous section, we have discussed how to implement OAuth2 mechanism inside a Spring Boot application

2
00:00:07,260 --> 00:00:10,080
by leveraging the auth server of GitHub.

3
00:00:10,110 --> 00:00:17,850
Similarly, there are many auth servers that are provided by social network based companies like Facebook,

4
00:00:18,060 --> 00:00:19,710
Google, Twitter.

5
00:00:19,980 --> 00:00:25,650
So there are many organizations that provide their own auth servers, and we can always

6
00:00:25,650 --> 00:00:30,150
leverage them in order to implement security inside our Web applications.

7
00:00:30,390 --> 00:00:37,110
But if you really ask me to consider the same GitHub auth server, Google auth server, or Facebook auth server

8
00:00:37,110 --> 00:00:42,960
for my Web application that I have built inside this course, like EazyBank app,

9
00:00:43,170 --> 00:00:44,880
it is not a great option.

10
00:00:45,090 --> 00:00:52,380
The reason is, all the social network based companies or any other company's auth server provided

11
00:00:52,380 --> 00:01:00,690
by them will only help you to authenticate a user so that only authorized users can access secured

12
00:01:00,690 --> 00:01:02,370
pages inside your application.

13
00:01:02,490 --> 00:01:10,800
But if you want to incorporate role based access management inside a Web application, then these auth servers

14
00:01:10,800 --> 00:01:16,920
are not a good consideration, because when you go and grab these social network based auth

15
00:01:16,920 --> 00:01:24,090
servers, you will not have the flexibility of maintaining roles and authorities based upon your own custom

16
00:01:24,090 --> 00:01:32,220
logic. That's why you just have to adopt simple authentication so that only logged-in users can access

17
00:01:32,220 --> 00:01:33,390
your secured pages.

18
00:01:33,570 --> 00:01:37,500
But that's not my requirement inside my EazyBank application.

19
00:01:37,710 --> 00:01:43,440
There are certain secured paths where admins can access and similarly users can access.

20
00:01:43,440 --> 00:01:48,390
So that kind of role based authentication and authorization is what I needed.

21
00:01:48,480 --> 00:01:55,290
So in order to incorporate OAuth2 based authentication and authorization inside my EazyBank app, I

22
00:01:55,290 --> 00:02:03,420
need to consider authorization server products like Keycloak, Okta, ForgeRock, AWS Cognito.

23
00:02:03,600 --> 00:02:12,060
So all these are the products which are focused dedicatedly to provide OAuth2 framework for complex Web

24
00:02:12,060 --> 00:02:13,240
based applications.

25
00:02:13,290 --> 00:02:19,590
So these products not only will help you in incorporating and implementing OAuth2 framework inside Web

26
00:02:19,590 --> 00:02:26,430
application, but they also provide a lot of out-of-the-box features, like where all your user details,

27
00:02:26,430 --> 00:02:32,500
like your email, password, the roles, everything can be stored inside these products instead of

28
00:02:32,700 --> 00:02:36,240
storing them in a database like we are doing right now.

29
00:02:36,600 --> 00:02:44,190
Right now, if you can recall our EazyBank application architecture, there is an Angular UI application

30
00:02:44,370 --> 00:02:50,640
where the user will provide his username and password, and those credentials will be passed on to the

31
00:02:50,850 --> 00:02:52,410
backend application.

32
00:02:52,650 --> 00:02:59,880
And Spring Security will evaluate those credentials by using the values present inside the database.

33
00:03:00,120 --> 00:03:05,990
And the same backend application is acting as an authorization server and resource server,

34
00:03:05,990 --> 00:03:12,180
which is not a good practice if you want to consider for enterprise applications.

35
00:03:12,330 --> 00:03:20,790
So basically the main advantage of OAuth2 framework is to separate your authentication and authorization logic from your

36
00:03:20,790 --> 00:03:21,600
business logic.

37
00:03:21,780 --> 00:03:27,510
So in order to do that, you should always consider a separate authentication and authorization server,

38
00:03:27,720 --> 00:03:31,830
and all your business logic can stay inside the resource server.

39
00:03:31,890 --> 00:03:37,800
So in order to add OAuth2 framework inside my EazyBank application, I'm going to consider Keycloak

40
00:03:37,810 --> 00:03:45,360
auth server and implement authentication framework inside EazyBank app using OAuth2 framework.

41
00:03:45,570 --> 00:03:52,290
Again, the reason why I chose Keycloak auth server is, it is open source and it is free to use.

42
00:03:52,440 --> 00:03:59,280
And once you understand how to implement OAuth2 framework inside Web applications like EazyBank app

43
00:03:59,490 --> 00:04:06,630
using Keycloak auth server, it is pretty much easy to adopt the commercial products that we have available inside

44
00:04:06,630 --> 00:04:10,860
the market, like Okta, ForgeRock and AWS Cognito.

45
00:04:11,010 --> 00:04:15,840
So due to that reason, I'm considering Keycloak auth server inside this section.

46
00:04:15,960 --> 00:04:17,339
So let me explain to you

47
00:04:17,550 --> 00:04:24,840
what we are going to implement or what kind of changes we are going to make inside our EazyBank application

48
00:04:25,020 --> 00:04:29,550
in order to incorporate OAuth2 framework using Keycloak.

49
00:04:29,910 --> 00:04:37,740
Firstly, I will have a resource server, which will strictly have the REST APIs exposed in order to get

50
00:04:37,740 --> 00:04:43,500
resources and data regarding accounts, cards, loans and other details.

51
00:04:43,800 --> 00:04:51,030
So this resource server, or our backend server, will not have anything related to authentication and authorization.

52
00:04:51,030 --> 00:04:51,270
So.

53
00:04:51,570 --> 00:04:57,060
So I'm going to remove all database interaction to perform a login operation.

54
00:04:57,300 --> 00:04:59,610
So all those authentication providers,

55
00:04:59,950 --> 00:05:02,550
password encoders, filters, everything

56
00:05:02,560 --> 00:05:07,140
I'm going to remove, and my backend server will simply act as a resource server.

57
00:05:07,330 --> 00:05:13,540
So whenever someone tries to access it by passing a valid access token, it will give a proper response.

58
00:05:13,810 --> 00:05:16,920
So once I build my resource server, what next?

59
00:05:16,960 --> 00:05:22,510
At the same time, I will have a separate authentication server based upon Keycloak.

60
00:05:22,630 --> 00:05:28,930
So inside this Keycloak authentication server, I will store all my user credentials,

61
00:05:29,080 --> 00:05:35,200
the roles, so that I can perform authentication and authorization using Keycloak auth server.

62
00:05:35,380 --> 00:05:41,650
So this way, we separated both authentication and authorization logic and the business logic into two

63
00:05:41,650 --> 00:05:43,360
separate entities.

64
00:05:43,600 --> 00:05:49,790
And with that in place, we can have two different kinds of applications that are trying to interact with

65
00:05:49,790 --> 00:05:51,020
the resource server.

66
00:05:51,040 --> 00:05:57,580
One is, you may try to connect to your resource server using client applications like Angular based Web

67
00:05:57,580 --> 00:06:00,490
applications, just like how we are doing right now.

68
00:06:00,850 --> 00:06:08,590
So in this scenario, my Angular application will try to get an access token by connecting with the

69
00:06:08,590 --> 00:06:12,060
Keycloak auth server and passing credentials to it.

70
00:06:12,280 --> 00:06:19,990
Once my auth server issues an access token, in the second step, it will go and pass that access token to the

71
00:06:19,990 --> 00:06:25,850
resource server, and it will try to invoke any API that is exposed by the resource server,

72
00:06:25,850 --> 00:06:28,510
so like accounts, loans or cards.

73
00:06:28,810 --> 00:06:36,910
And once my resource server receives an access token, it will go and validate whether the access token

74
00:06:36,910 --> 00:06:40,150
is valid or not by connecting with the auth server.

75
00:06:40,420 --> 00:06:47,470
And at last, if the access token provided by the client application is valid, my resource server will

76
00:06:47,650 --> 00:06:52,450
respond with the data that my client application is expecting.

77
00:06:52,810 --> 00:06:57,460
The same kind of flow will also happen if you try to consume

78
00:06:57,460 --> 00:07:04,510
the APIs exposed by a resource server through Postman application or any other backend application which

79
00:07:04,510 --> 00:07:08,650
is trying to consume APIs exposed by the resource server.

80
00:07:08,920 --> 00:07:15,560
So this way, regardless of what application is trying to connect with the resource server,

81
00:07:15,560 --> 00:07:19,540
they have to follow all these four steps.

82
00:07:19,930 --> 00:07:25,210
The very first one is, they have to connect to the Keycloak auth server to get an access token.

83
00:07:25,420 --> 00:07:31,930
And the second step is, the same access token needs to be passed to the resource server while the client

84
00:07:31,930 --> 00:07:35,440
application is trying to consume the APIs exposed by that resource server.

85
00:07:35,440 --> 00:07:42,880
So once the resource server validates the access token with the auth server, it will respond with the successful

86
00:07:42,880 --> 00:07:46,210
response that my client application is expecting.

87
00:07:46,480 --> 00:07:48,130
So these are the simple four steps.

88
00:07:48,370 --> 00:07:52,030
But don't worry that this seems to be a complicated process.

89
00:07:52,300 --> 00:07:54,430
We will implement this step by step.

90
00:07:54,640 --> 00:07:57,970
And I can assure you, it's very simple.

91
00:07:58,330 --> 00:08:06,370
By the end of this section, you will be very confident on how to implement this kind of OAuth2 framework

92
00:08:06,370 --> 00:08:08,110
inside any Web application.

93
00:08:08,260 --> 00:08:08,800
Thank you.

94
00:08:08,890 --> 00:08:10,500
And I'll see you in the next lecture.

95
00:08:10,510 --> 00:08:10,870
Right.