Learnitweb

Category: Spring Security

  • Keycloak – Create new OAuth client and request access and refresh token

    1. Introduction In this tutorial, we’ll learn how to configure a new OAuth client application in Keycloak. We’ll then see how to configure client application secrets. We’ll then use the new credential to perform the authorization code flow. 2. Configure new OAuth client application We’ll now see how to configure a new OAuth client. In the…

  • Creating New Realm and New User in Keycloak

    1. Introduction In the previous tutorial, we started a Keycloak server on our localhost and created an Admin user to log in to the administrative console of Keycloak. In this tutorial, we’ll create a new realm and a new user in Keycloak. 2. What is a realm in Keycloak? A realm in Keycloak is equivalent to a tenant.…

  • Running Standalone Authorization Server Keycloak on Localhost

    1. Introduction Keycloak is an open-source identity and access management (IAM) solution designed for modern applications and services. It provides features such as single sign-on (SSO), user federation, identity brokering, and social login. Built on top of popular standards like OAuth 2.0, OpenID Connect, and SAML 2.0, Keycloak offers seamless integration with various applications, allowing…

  • OAuth 2 – Authorization Code Grant

    1. Introduction In this tutorial, we will dive into one of the most widely used OAuth 2.0 grant types, designed specifically for secure authorization in web applications. The Authorization Code Grant is an essential tool for server-side applications that require a robust and secure way to obtain access tokens on behalf of users. 2. OAuth…

  • OAuth 2 Grant Types

    1. Introduction In this short tutorial, we’ll briefly discuss OAuth 2 grant types. 2. OAuth 2 Grant Types An OAuth 2 grant type is a method defined by the OAuth 2.0 authorization framework that allows a client application to obtain an access token. Various applications may exist, and the choice of OAuth grant type depends…

  • Encryption Algorithms

    1. Introduction In this tutorial, we’ll discuss the encryption algorithms in brief. We’ll discuss one-way encryption, symmetric encryption and public key cryptography. 2. One-way encryption These algorithms are also known as hashing algorithms. A one-way algorithm takes an input string and generates an output known as the message digest. The output cannot be converted…

  • OAuth 2.0 protocol flow

    1. Introduction In this tutorial, we’ll discuss the OAuth 2.0 protocol flow. We’ll discuss the basic protocol flow. There are other variations of this flow based on the different use cases, for example, in the case of refresh tokens there is an extra step to get the new access token in case the existing access token…

  • What is OAuth 2.0?

    1. Introduction OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 is an open protocol (or you can say a set of specifications) that allows developers to authorize users from web, mobile and desktop applications. This specification and its extensions are being developed within the IETF OAuth Working Group. One important point to note…

  • Getting started with using Spring Security with Spring Boot – Securing REST API

    1. Introduction In this tutorial, we’ll integrate Spring Security with Spring Boot. We’ll see how to secure a REST API with Spring Security in a Spring Boot application. In this tutorial, we’ll create a simple REST API with Spring Boot and will secure it. You can say that this tutorial is the very first step…

  • Password encoding with Spring Security

    1. Introduction Spring Boot has built-in support for authentication. The most common way of authentication is using a username and password. In this tutorial, we’ll discuss authentication using a username and password and encoding passwords. We’ll briefly discuss password encoding. Understanding the background of password storage is very important to secure an application.…