lspil / youtubechannel Goto Github PK

@lspil Quick question on SS with OAUTH2.
I am trying to develop an API which need to use oauth2 with spring boot & spring security latest version.
here I have an Authorization server which uses grant type client_credential with basic auth and provide the access token.
Example: In postman
url: http://localhost:8090/oauth2/access_token?grant_type=client_credentials
Method: POST
basic auth: username & password
return: token in json format
Now there is another resource server which uses this access token and return the data to this API.

Example: In postman:
Url: http://localhost:8095/data/userList
Method: Post
Bearer Token: token

my question is that how can I do both Authorization & resource server into one API project? I know the flow here is that first it will get access token from authorization server then will attach access token to resource server call.
Appreciate your help in advance.

Hi Laurentiu! Thank you for your content! I have a question. What if I don't use sessions. I saw a lot of examples where people implement their CookieAuthorizationRequestRepository. But the deserializing cookie is potentially insecure... Can you suggest some best practices?

Hello, Laur!
I'm sorry to write here, but for some reason I can't leave a comment on YouTube
I really need your help, I'm about to hand over the project and I can't progress at all.

The fact is that after receiving the code from the login page, I paste it into the postman and get a 400 error with body {"error": "invalid_grant"}

but every data is correct, and code was writed by tutorial

I thought maybe it was the google chrome password manager that automatically uses the code, and it ceases to be valid, but it seems that this is not the problem. with incognito mode everything was the same

https://github.com/Denivor007/AuthServiceFixNeeded2

I follow your youtube , and write my own version , but error occur as below:

I found error is releated to @Import(OAuth2AuthorizationServerConfiguration.class) ,but not clear about how to fixed it.

Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.