Learn Spring Security OAuth
The definitive guide to secure your application with OAuth2
Why Learn Spring Security?
The Java ecosystem is vast and quite mature, but when it comes to security, right now, in 2020, there's really no debate. If you're working on the security of your application, you're most likely using Spring Security.
Simply put, the framework is able to handle everything you throw at it - from simple scenarios to highly complex, distributed security requirements. There are some OK alternatives, but nothing really comes close.
Should I do OAuth?
There's a lot of confusion out there around what OAuth actually is.
So, before all the "deep-dives" into the advanced aspects of the standard - we're starting with the very basics, and we're building up a clear understanding of the protocol.
It's critical to learn where OAuth fits well and is great solution, and in which scenarios you actually need to avoid it.
And, once you know you're doing OAuth - you need to understand exactly how it works - to do it well. This is where this material gets interesting - the deep-dives.
The New OAuth2 Stack in Spring Security 5
About two years ago, the Spring Security core team did something unexpected - they announced they were going to do a full rewrite of the OAuth2 support in the framework.
This was big news!
It was also the very first time a core Spring project has made such a bold commitment towards a ground-up, major rewrite in the framework.
The new OAuth2 stack is now moving fast with the Spring Security 5.2 release now out and with 5.3 on the horizon - and the new functionality is already significantly better than the old stack.
That's what I'm focusing on in this new course, with the 3 classes below:
The Master Class
This is the full material - the comprehensive, start-to-finish path from just learning what OAuth is - to having a real-world, solid understanding of how to use it in practice.
The 7 in-depth modules focus on the new OAuth2 stack in Spring Security 5 with Spring 5 and Boot 2, today, in 2020, not looking back at the XML days of Spring Security.
The Certification Class
This class is simple - it contains the full material from the Master Class, plus downloads and multiple-choice questions - to help you get the most out of the material.
When you're done, you're going to get a "Certificate of Completion" for the course.
The Coaching Class
This is where we go beyond the course material, with a year-long group Coaching Program - where I'll take a small group of students through both the course but also their own specific implementations.
Past sessions and workshops are, of course, recorded and available.
Practice by Coding
Each lesson in the course is either code-focused on a specific OAuth scenario, or theoretical, introducing you to the core concepts. Like all of my courses, the approach is "learn by doing" - or, more specifically, by coding.
I've structured the material to show you how to secure very different types of applications, each with their own characteristics, where a specific flow that fits and others that don't.
I'm Eugen, and I'll be your instructor through this course.
I've been using OAuth extensively in my own consulting practice for many years now. I've helped teams implement (most commonly re-implement) security in their systems over a ridiculous number of Spring versions. And I've been teaching security throughout most of that time.
The lessons here come out of that experience, with a simple goal - to get you super comfortable with OAuth2, Spring Security 5 and Spring Boot 2.
To be clear - you can't get there by just watching videos - you'll need to code, along with me, through the material. The videos and the multiple-choice questions are your reference to come back to - whenever you need them.
This course, as I'm sure you're aware - is primarily focused on OAuth.
Naturally, if you're doing OAuth in your own application, you'll get a lot out of the material here.
But, if you're focusing on the full Spring Security 5 framework, beyond just OAuth, keep in mind this course is half of the full "Learn Spring Security" course.
The Master Class
The canonical reference for securing a web application with Spring Security and OAuth2.
The 6 modules cover everything from the basics of the OAuth2 flows to a full deep-dive into OpenID, JWT, Spring Boot support.
And, most importantly, the material is focused on the entirely new OAuth2 stack the Spring Security team has been working on since late 2017 now.
Simply put, every possible corner of an OAuth2 implementation with Spring Security 5.
Due Date: April 2021
1. Intro to OAuth2 and the OAuth2 Roles
4 VIDEO LESSONS
- Intro to OAuth2 and the OAuth2 Roles (theory)
- Picking the Right OAuth Grant Type/Flow to Use (theory)
- The State of OAuth2 in Spring Security 5 (theory) (preview lesson)
- Setting up the Project
2. The Basics of OAuth2 (New Stack)
5 VIDEO LESSONS
- The Authorization Code Flow (theory) (preview lesson)
- The Authorization Server with Keycloak
- The New OAuth2 Client Support
- The New Resource Server Support
- Tokens, JWT and the New Stack
3. OAuth2 Beyond the Basics - The Resource Server (New Stack)
3 VIDEO LESSONS
- Basic Authorization with OAuth2
- Verify/Validate Claims from the JWT
- Accessing JWT Bearer Token Attributes
4. OAuth2 Beyond the Basics - The Client (New Stack)
3 VIDEO LESSONS
- New OAuth2 Social Login
- Refreshing a Token
- Testing OAuth2 Clients
5. OAuth2 Beyond the Basics - Deep-Dives (New Stack)
7 VIDEO LESSONS
- OAuth2 and SPAs (theory)
- OAuth2 and SPAs (implementation)
- Exploring JWS with OAuth2
- Testing OAuth2 with REST-assured
- OAuth2 and OpenID Connect
- The Client Credentials Flow
- The Legacy Stack Authorization Server
6. Microservices, Spring Security and OAuth2 (New Stack)
WORKSHOP
- OAuth Security Patterns in a Microservice Application
- Sharing Principal Information in Microservices
The Certification Class
This Class contains the same material as the Master Class, but goes beyond the core material with:
- multiple-choice questions in each lesson to make sure you fully understood the material
- a Certificate of Completion (example)
- the download ability for all video lessons - to help you learn offline
Of course, if you have any questions about the material, ping me directly here, on chat, or over email.
Due Date: April 2021
Master Class
The canonical reference to doing OAuth2 properly with Spring Security
All 6 Modules
21 Video Lessons
-
-
-
-
Due Date: April 2021
Certification Class
This Class includes the Master Class material, exercises, downloads and the Certificate of Completion
All 6 Modules
21 Video Lessons
+ Exercises in Each Lesson
+ Full Downloads for All Videos
-
-
Due Date: April 2021
Coaching Class
This Class includes the Certification Class, 3 Workshops and 12 Group Coaching Calls
All 6 Modules
21 Video Lessons
+ Exercises in Each Lesson
+ Full Downloads for All Videos
All 3 Live Workshops (2+ hour events)
12 Group Coaching Calls
Due Date: April 2021
If you're looking to get both this course as well as Learn Spring Security Core,
Have a look at the full Learn Spring Security Course →
Do you have a team who would benefit from taking the course?
30-Day Money Back Guarantee
I believe strongly in the quality of the course material to teach you the fundamentals of API design as well as the advanced tactics to take your API into production. I've put a lot of work and care into the material and hope you're going to use it and really make your REST APIs a lot better.
I confidently back all classes with a 30-Day Money Back Guarantee. I want you to dive in deep and experience the full wealth of this resource without hesitation.
If the material isn't a good fit, just contact me within 30 days of purchase, and ask for a full refund for any single course package.
