Hello. I listened to the lecture on security and OAUTH2 well. I can feel that the instructor prepared the lecture a lot and is passionate. And he is also a very knowledgeable person. However, I think it would be good if the teaching method was improved a bit. 1. I feel like the explanation is a bit rushed. This is a bit awkward, but I think that calmly leading the lecture can reduce awkwardness. Sometimes, I skipped over the words without knowing what they were because of the pronunciation. 2. The lecture structure is difficult for students to learn proactively. Basically, you have no choice but to follow along. In such a situation, if the instructor and students are not properly synchronized, and the instructor and the students have different contexts, the students become very stressed. I sometimes see emotional posts expressing complaints about this in the community. I understand the feelings a little. This is because most of the students who purchase the lecture start taking the lecture with high expectations. From the instructor's perspective, something that is so obvious (the more years you have and the more knowledge you have, the stronger this tendency becomes), but from the student's perspective, it is often not the case at all. 3. For example, it was good to practice authorization requests with Postman and then move to Spring. Well, since the speed of the speech is fast without any special points, it feels like important stories are flowing by. For example, when requesting authorization for the first time, when you press the login button, the client requests /oauth2/authorization, and when the client requests a temporary code from the authorization server, it goes down to /oauth2/authorize, but since this just happens, I couldn't recognize it for a while. It was quite confusing and confusing for a long time. So I got used to it by debugging it one by one. I think it may be because the instructor is so familiar with it, but when you are teaching, you say, "This URL may be a bit confusing. The initial login is /oauth2/authorization, and the code request is /oauth2/authorize. In reality, the authorization process starts when the client requests a code, so authorize means granting permission, so /oauth2/authorize is the URL for requesting a code. In this context, it would be good to remember it." If you explain it once, it will be a very helpful point for students. 4. When proceeding with the next chapter lecture, there are many cases where you proceed with new code (from the beginning). I think it is the same reason why someone asked to maintain the code in the course review. It is definitely convenient because Younghan leaves all the code after the first lecture. The process is carried out without editing, so just watching and following it together can be a learning experience, and it is advantageous because students and instructors can be on the same page. You can start from a new branch every time like Suwon Instructor, but I think it would have been good if there had been just one guide at the beginning of the lecture. Each clip or section is managed as a branch unit, so if possible, I ask the students to do the same. There may be some beginners in Git. You only need to show it once. Since you are not going to merge PRs into master, if you just show them how to create a new branch, the students will be on the same page as you. 5. Lastly, I think it would have been better to explain Filter -> Manager -> Provider -> before the actual lecture started. They mentioned it in the latter half of the lecture. I realized that the pattern was set while listening to the lecture, but it would have been easier if I had known the pattern at the beginning. It may be less so in other lectures, but Security has so many classes and the depth is so deep that it is a bit confusing to follow the lecture, and I get lost even while following the lecture. Of course, the instructor explains the flow with class diagrams at the beginning, but when the screen is filled with classes with long names that I have never seen before... the flow is not immediately apparent. Of course it helps, but I still don't think I'm on the same page as the students. 6. Oh, and you clearly said that you would save it in the database during the final practice instead of saving it in memory, but I was a little disappointed that you forgot and ended the practice with in-memory. This is a small thing, but it would have been better if you had named the resource server as ResourceServerPhoto instead of 1, 2 during the final practice. When I was taking a C++ class in the past, the instructor said, "It might be boring or not fun because it's the same example every time (the example was written by putting the name, age, and a few other pieces of information in the Person class), but since you have a lot to learn in the future, the hurdle for newness in this area should be low so that it's easy to learn." I remember that. I like what Einstein said, that when explaining, you should make it so that even a grandmother without relevant knowledge can understand, so I wrote down a lot of thoughts about teaching methods. Nevertheless, students, Security and this lecture are great guides for understanding the in-depth inside of the security framework. I now know almost everything about where and how to set breakpoints when debugging. If the breakpoints don't go where I thought they would, I can figure out the right flow by looking around more. Security and OAUTH2 are definitely not easy lectures, but I think they are lectures that you can gain a lot from if you put in the effort. I'm learning well. Thank you.