Learn Spring Security OAuth

The definitive guide to secure your application with OAuth2

Why Learn About Security OAuth?

Spring Security is, of course, the gold standard for implementing mature security in Java, and so is its great support for OAuth2.
However, there’s still a lot of confusion around what OAuth actually is. So, before going deeper into the advanced aspects of the standard and into implementation with Spring Security, we’ll start by building a clear understanding of the protocol.

Once we go over the basics, we’ll dive into common OAuth scenarios with Spring Security – from accessing JWT token attributes to testing OAuth clients and using OAuth in a microservices application.

Yes, the OAuth stack can handle pretty much everything you can throw at it, quite well.

This OAuth material is a direct result of my own consulting practice, helping teams understand and choose the right OAuth flow, and implement (and often re-implement) OAuth2 in their systems.

The canonical reference for securing a web application with Spring Security and OAuth2.

The 6 modules cover everything from the basics of the OAuth2 flows to a full deep-dive into OpenID, JWT, and Spring Boot support.

Simply put, every possible corner of an OAuth2 implementation with Spring Security.

This Course contains:

  • multiple-choice questions in each lesson to make sure you fully understand the material
  • a Certificate of Completion (example)
  • the ability to download all video lessons – to help you learn offline

Of course, if you have any questions about the material, ping me directly here, on chat, or over email.

1. Intro to OAuth2 and the OAuth2 Roles

4 LESSONS (2 Video + 2 Text) ~ 2 HOURS

  1. Intro to OAuth2 and the OAuth2 Roles (theory) (text)
  2. Picking the Right OAuth Grant Type/Flow to Use (theory)
  3. The State of OAuth2 in Spring Security (preview lesson)
  4. Setting up the Project (text)

2. The Basics of OAuth2

5 LESSONS (4 Video + 1 Text) ~ 3 HOURS

  1. The Authorization Code Flow (theory) (preview lesson)
  2. The Authorization Server with Keycloak
  3. The New OAuth2 Client Support (2 parts)
  4. The New Resource Server Support (2 parts)
  5. JWT Support (text)

3. OAuth2 Beyond the Basics - The Resource Server

8 LESSONS (8 Text) ~ 8 HOURS

  1. Basic Authorization with OAuth2 (preview lesson)
  2. Verify/Validate Claims from the JWT (text)
  3. Accessing JWT Bearer Token Authentication Attributes (text)
  4. Accessing JWT Bearer Token Authentication Attributes Using SpEL (text)
  5. Custom Authorities From JWT Claims (text)
  6. Custom Validators For JWT Claims (text)
  7. Resource Server Multi-Tenancy Support (text)
  8. Resource Server Testing Support (text)

4. OAuth2 Beyond the Basics - The Client

5 LESSONS (5 Text) ~ 5 HOURS

  1. The Client Configuration Under the Hood (text)
  2. New OAuth2 Social Login (text)
  3. Refreshing a Token (text)
  4. Testing OAuth2 Clients (text)
  5. The Authorization Code Flow with PKCE (text)

5. OAuth2 Beyond the Basics - Deep-Dives

9 LESSONS (9 Text) ~ 11 HOURS

  1. OAuth2 and SPAs (theory) (text)
  2. OAuth2 and SPAs (implementation) (text)
  3. Exploring JWS with OAuth2 (text)
  4. Testing OAuth2 with REST-assured (text)
  5. OAuth2 and OpenID Connect (text)
  6. Logout with OAuth and OIDC (text)
  7. The Client Credentials Flow (text)
  8. Token Revocation (text)
  9. The Legacy Stack Authorization Server (text)

6. Microservices, Spring Security and OAuth2

3 LESSONS (3 Text) ~ 4 HOURS

  1. OAuth Security Patterns in a Microservice Application (text)
  2. Sharing Principal Information in Microservices (text)
  3. Exploring Topologies – Gateway API as OAuth2 Client (2 parts) (text)

Access this course through Baeldung All Access

All 6 Courses (50+ modules, 200+ lessons)

IntelliJ Idea Ultimate (6 months free)

Full Downloads for All Videos

Certificates of Completion

Multiple-Choice questions in Each Lesson 

Pro Access

Yearly or Lifetime access

Do you have a team who would benefit from taking the course?

20-Day Money Back Guarantee

I believe strongly in the quality of the course material to teach you the fundamentals of API design as well as the advanced tactics to take your API into production. I’ve put a lot of work and care into the material and hope you’re going to use it and really make your REST APIs a lot better.

I confidently back all courses with a 20-Day Money Back Guarantee. I want you to dive in deep and experience the full wealth of this resource without hesitation.

If the material isn’t a good fit, just contact me within 20 days of purchase, and ask for a full refund for any single course package.