Spring Batch

Hello. ^^

Spring Security OAuth2 lecture is coming soon.

This can be said to be the second lecture following the first lecture on Spring Security.

Although there are common denominators, the topics are clearly different and require prior knowledge of the first lecture.

I feel this every time I make a lecture, but this lecture also seems to have taken more time and energy than I had originally planned. It's been almost a year since it was released to the world~~
I hope that this lecture will be a good outcome for all students as we have overcome difficult times.

The opening date is expected to be around October 14th to 16th.

- Course name: Spring Security OAuth2
- Number of lectures: Approximately 110 lectures
- Lecture material PPT: 420 pages

This lecture will cover the following topics:

1. Understanding Spring Security OAuth2 Core

Based on the OAuth2.0 standard technology and Spring Security OAuth2, the lecture will focus on the three axes of OAuth2 Client, Resource Server, and Authorization Server, which are the core concepts of OAuth2.

1) OAuth 2.0 Authorization Framework
We will look at the overall concepts, principles, and structure of the OAuth 2.0 authorization framework, which is an RFC standard technology.
Before learning the full-fledged technology of Spring Security OAuth2, you should first understand the basics and fundamental theories of the standard technology of OAuth 2.0 and become familiar with the exact concepts through practice so that you can follow the contents of Spring Security OAuth2 without difficulty.

2) OAuth2 Client
As a client module of OAuth 2.0, we will introduce various types of authorization grant types and request APIs that can be used by clients to connect to authorization servers, and learn how to implement access control to resource servers using tokens issued from authorization servers.
We also introduce how to implement social login functionality through integration with OAuth 2.0 Authorization Server service providers such as Google, Facebook, GitHub, Naver, and Kakao.
We will also introduce OpenID Connect, an authentication protocol, and understand the flow and various options for authentication processing.

3) OAuth2 Resource Server
As a server that protects the user's resources, it acts as an API server.
Learn how a resource server protects resources, how to validate tokens for requests that include Access Tokens, and the flow that controls the authorization chain.

Let's look at how to extract the Scope when the Access Token issued by the OAuth2 service provider is a token generated in JWT format, and learn how the resource server analyzes the Scope included in the Access Token to determine whether or not it is authorized.

4) OAuth2 Authorization Server
There are a variety of Authorization Server commercial products and services on the market, including open source.
For this reason, the Spring Security development team discontinued the Authorization Server framework project, but due to numerous requests from developers, the Authorization Server project was reborn with a completely new design.
This course was created based on the Authorization Server project that was reborn with a new architecture, and we will look at the details of the function as an authorization server through linkage with OAuth2 Client and Resource Server, and learn how to build and service an authorization server on your own. The focus is on equipping you with knowledge.

Learn about the main classes that handle Authorization Server functionality and how you can customize them.
We will also look at the specifications for the OAuth 2.0 standard endpoints and learn about the structure and processing of filters set for each endpoint.

2. Learning Curriculum

Spring Security Fundamentals
We'll look at the core fundamentals of Spring Security.
We will learn more about the initialization process and its principles, and cover elements such as HttpBasic, Cors, etc.

OAuth 2.0 Authorization Framework
Learn about the detailed specifications for the OAuth 2.0 standard technology.
First, understand the various terms expressed in OAuth 2.0, organize the concept of the types of authorization flow, and understand the overall flow of the authorization framework by utilizing the keycloak open source.

OAuth 2.0 Client - oauth2Login()
We will learn how to automate the functions of the client app and how to connect to the authorization server using the Authorization Code method, which is a type of authorization flow, and examine the entire process from user approval and approval to receiving an Access Token and then authentication/authorization processing. You will learn about structure.

OAuth 2.0 Client - oauth2Client()
In addition to Authorization Code, which is the type of authorization flow provided by the oauth2Login() API, we will look at how to connect to the authorization server using Resource Owner Password and Client Credentials types, and learn how to use DefaultOAuth2AuthorizedClientManager and @RegisteredOAuth2AuthorizedClient to understand the client authorization flow through this. do.

OAuth 2.0 Client - OAuth 2.0 Social Login
There are OAuth2 service providers such as Google, Facebook, GitHub, Naver, and Kakao. We will look at the login authentication method using Google, Naver, and KeyCloak, as well as the implementation method for follow-up processing after authentication.

OAuth 2.0 Resource Server API - jwt()
We will look at how to configure a resource server and the functionality of JwtDecoder to handle Access Token requests, and learn the structure and usage of authentication-related objects created after successful token verification.
We will also look at the MAC & RSA algorithms used to verify the validity of the Access Token and the processing procedures used to verify it.

OAuth 2.0 Resource Server - Implementing Resource Server Authorization
Learn how to handle Access Token requests with filters and convert Scope extracted by JwtDecoder into permissions and control access to resources with the converted permissions.

OAuth 2.0 Resource Server - opaque()
Learn how to use the remote token validation process to directly communicate with the authorization server to determine whether an Access Token is active.

Spring Authorization Server - Main Domain Classes
You will learn about the types, concepts, and roles of the main domain classes that make up the authorization server, and how these classes can be referenced and utilized in Spring MVC.

Spring Authorization Server - Endpoint Protocol
Learn about the different types of endpoint protocols that are core to the authorization server.
We'll walk through the entire process in detail, with diagrams and flows, from the endpoint that initiates the authorization request to the endpoint that requests user information.

OAuth 2.0 Client + Resource Server + Authorization Server integration
We will learn how to link and connect each OAuth2 module provided by Spring Security, and examine specific items that perform functions as an OAuth2 service provider through examples.

3. Understanding architecture/flow/principles

Among the Spring Framework projects, Spring Security requires a comprehensive understanding of the internal source level implementation, including technical architecture, operating principles, and flow.

If you use a given API and encounter unexpected errors or issues, you will search Google to find solutions. However, there is not much information about Spring Security OAuth2, and most of the cases are similar cases that appear repeatedly. Therefore, if you do not accurately understand or analyze the internal structure and operating principles of Spring Security OAuth2, you will face many difficulties in operating the service.

That is why this course focuses on providing knowledge that allows you to respond flexibly in any situation by completely analyzing and understanding the structure and flow of Spring Security OAuth2 beyond simple API usage and functional examples through various diagrams and accurate and detailed explanations through Flow and debugging. This can be said to be the pattern and common characteristics of the lectures opened by this instructor.