• 8 hours
  • Hard


Last updated on 12/11/19

Create a Secure Login for Your Spring App With OAuth 2.0

Evaluated skills

  • Create a secure login for your Spring app with OAuth 2.0
  • Question 1

    OAuth 2.0 has a distinct workflow in the web application for handling authentication requests to third-party authorization servers. What is the workflow pattern when the user logs into the client app with Facebook?

    • 1. The user registers on the Facebook authorization server with the name of the client app.
      2. They wait for a verification email with a token and the link to the client app.
      3. They click on that link and log into the client app with the token number.
      4. The user is now authenticated on the web app.

    • 1. The user goes to Facebook.com and logs in to bypass OAuth 2.0.
      2. The user goes to the client app’s Facebook page and clicks on Open App.
      3. The client app opens, and the user is logged in automatically.
      4. The user is now registered in the app’s database with Facebook credentials.

    • 1. The user clicks on Login through Facebook on your web app.
      2. The user is redirected to the Facebook authorization server to authenticate.
      3. Facebook redirects the user back to your web app with an authorization code, which your web app exchanges for an access token.
      4. The user is now authenticated on your web app.

    • 1. The user hates Facebook and goes to another website.
      2. The user logs into a competitor’s website using Okta.
      3. Now the user is happy because Okta works well with OAuth 2.0.
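    The third option above is the authorization code grant. As an added illustration that is not part of the course, the following self-contained Java 11+ program models both sides of that exchange: the client web app and the provider's authorization server run in the same process and hand each other the redirect URLs and token-request parameters they would otherwise exchange over HTTPS. The endpoint URLs, client credentials, session identifiers and the `facebook.example` / `app.example` hosts are invented for the demo; nothing here contacts Facebook. Beyond the four quiz steps it also shows the two checks a client must make: the `state` value ties the callback to the browser session that started the login, and the code is single-use and can only be redeemed by the party holding the client secret, so a callback URL pasted into a different session is rejected.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

/** Toy in-process model of the OAuth 2.0 authorization code grant (Java 11+). Endpoints,
 *  credentials and session ids are invented; the boolean stands in for the user's consent. */
public class AuthorizationCodeFlowDemo {
    private static final SecureRandom RNG = new SecureRandom();
    static String randomToken() {
        byte[] b = new byte[24]; RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    /** Splits the query string of a redirect URL into name/value pairs. */
    static Map<String, String> query(String url) {
        Map<String, String> out = new HashMap<>();
        for (String pair : URI.create(url).getRawQuery().split("&")) {
            int i = pair.indexOf('=');
            out.put(URLDecoder.decode(pair.substring(0, i), StandardCharsets.UTF_8),
                    URLDecoder.decode(pair.substring(i + 1), StandardCharsets.UTF_8));
        }
        return out;
    }

    /** Provider side (Facebook in the quiz): knows the registered client, issues one-time codes. */
    static class AuthorizationServer {
        final String clientId, clientSecret, redirectUri;
        final Set<String> unusedCodes = new HashSet<>();
        AuthorizationServer(String clientId, String clientSecret, String redirectUri) {
            this.clientId = clientId; this.clientSecret = clientSecret; this.redirectUri = redirectUri;
        }

        /** Step 2: the user authenticates here; the result is a redirect back to the client. */
        String authorize(Map<String, String> req, boolean userConsents) {
            if (!clientId.equals(req.get("client_id")) || !redirectUri.equals(req.get("redirect_uri")))
                throw new IllegalArgumentException("unknown client_id or unregistered redirect_uri");
            if (!userConsents) return redirectUri + "?error=access_denied&state=" + enc(req.get("state"));
            String code = randomToken();
            unusedCodes.add(code);
            return redirectUri + "?code=" + enc(code) + "&state=" + enc(req.get("state"));
        }

        /** Step 3, back channel: only the client, which holds the secret, can redeem a code, once. */
        String token(String reqClientId, String reqSecret, String code, String reqRedirectUri) {
            if (!clientId.equals(reqClientId) || !clientSecret.equals(reqSecret))
                throw new SecurityException("invalid_client");
            if (!unusedCodes.remove(code) || !redirectUri.equals(reqRedirectUri))
                throw new SecurityException("invalid_grant"); // unknown, already used, or wrong redirect_uri
            return "access-" + randomToken();
        }
    }

    /** Client side: your web app. The state value ties each callback to the session that started it. */
    static class ClientApp {
        final AuthorizationServer facebook;
        final String clientId, clientSecret, redirectUri;
        final Map<String, String> stateBySession = new HashMap<>(), tokenBySession = new HashMap<>();
        ClientApp(AuthorizationServer facebook, String clientId, String clientSecret, String redirectUri) {
            this.facebook = facebook; this.clientId = clientId;
            this.clientSecret = clientSecret; this.redirectUri = redirectUri;
        }

        /** Step 1: "Login through Facebook" sends the browser to the provider's authorization endpoint. */
        String loginRedirect(String sessionId) {
            String state = randomToken();
            stateBySession.put(sessionId, state);
            return "https://facebook.example/dialog/oauth?response_type=code&client_id=" + enc(clientId)
                    + "&redirect_uri=" + enc(redirectUri) + "&scope=email&state=" + enc(state);
        }

        /** Steps 3 and 4: check state, swap the code for a token, mark the session authenticated. */
        void callback(String sessionId, String callbackUrl) {
            Map<String, String> q = query(callbackUrl);
            String expected = stateBySession.remove(sessionId);
            if (expected == null || !expected.equals(q.get("state")))
                throw new SecurityException("state mismatch: callback was not started by this session");
            if (q.containsKey("error")) throw new SecurityException("provider refused: " + q.get("error"));
            tokenBySession.put(sessionId, facebook.token(clientId, clientSecret, q.get("code"), redirectUri));
        }
        boolean isAuthenticated(String sessionId) { return tokenBySession.containsKey(sessionId); }
    }

    public static void main(String[] args) {
        String id = "demo-client", secret = "demo-secret";
        String cb = "https://app.example/login/oauth2/code/facebook"; // shape of Spring's default redirect URI
        AuthorizationServer facebook = new AuthorizationServer(id, secret, cb);
        ClientApp app = new ClientApp(facebook, id, secret, cb);

        // Happy path: redirect out, user consents, code comes back, client redeems it over the back channel.
        String callbackUrl = facebook.authorize(query(app.loginRedirect("session-1")), true);
        app.callback("session-1", callbackUrl);
        System.out.println("session-1 authenticated: " + app.isAuthenticated("session-1"));

        // Pasting the same callback URL into another session fails: wrong state, and the code is spent anyway.
        try { app.callback("session-2", callbackUrl); }
        catch (SecurityException e) { System.out.println("session-2 rejected: " + e.getMessage()); }
    }
}
```

    Compile and run with `javac AuthorizationCodeFlowDemo.java && java AuthorizationCodeFlowDemo`. Note which party does what: the browser only ever carries the code and the state; the access token is obtained by the web app directly from the authorization server using its client secret, which is why the code on its own is useless to anyone who intercepts the redirect.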
  • Question 2

    Why was OpenID Connect (OIDC) added on top of OAuth 2.0 for authentication? More than one answer is correct.

    Careful, there are several correct answers.
    • OAuth 2.0 was used strictly for authorization, and the user authorized only a limited amount of information to be released to the client web app.

    • The OIDC scope allows the client web app to request claims for specific, verified user information.

    • OAuth 2.0 is used for authentication, but the client needed a way to authorize more of the user’s information.

    • OIDC added the ability to obtain verified user data after authenticating with third-party providers through OAuth 2.0.

  • Question 3

    Which code snippet shows the default OAuth 2 login page being used in the security filter chain?

    • @Configuration
      public class SpringOAuth2Config extends WebSecurityConfigurerAdapter {
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              http.authorizeRequests()
                  .anyRequest().authenticated()
                  .and()
                  .oauth2Login();
          }
      }
    • @Configuration
      public class SpringOAuth2Config extends AuthenticationHandler {
          @Override
          protected void configure(Authentication auth) throws Exception {
              auth.authorizeRequests()
                  .anyRequest().authenticated()
                  .and()
                  .oauth2Login();
          }
      }
    • @Configuration
      public class SpringOAuth2Config extends WebSecurityConfigurerAdapter {
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              http.authorizeRequests()
                  .anyRequest().authenticated()
                  .and()
                  .formLogin().oauth2authrequests();
          }
      }
    • @Configuration
      public class SpringOAuth2Config extends WebSecurityConfigurerAdapter {
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              http.authorizeRequests()
                  .anyRequest().authenticated()
                  .and()
                  .oauth2Login()
                  .loginPage("/oauth_login");
          }
      }
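    For comparison with the snippets above, here is a fuller configuration in the same WebSecurityConfigurerAdapter style used by the quiz (Spring Boot 2.x / Spring Security 5.x). It is an added example, not code from the course, and shows the one place where the default page and a custom page differ. The path `/oauth_login`, the registration id `facebook` and the property values are assumptions; the `/oauth2/authorization/{registrationId}` and `/login/oauth2/code/{registrationId}` paths are Spring Security's defaults.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/*
 * The client registration that oauth2Login() relies on lives in
 * application.properties (placeholder values; the real ones come from the
 * Facebook developer console):
 *
 *   spring.security.oauth2.client.registration.facebook.client-id=<app id>
 *   spring.security.oauth2.client.registration.facebook.client-secret=<app secret>
 *
 * "facebook" is one of the providers Spring Boot knows out of the box, so its
 * authorization and token endpoints need not be configured by hand. Register
 * {baseUrl}/login/oauth2/code/facebook as the redirect URI with the provider.
 */
@Configuration
@EnableWebSecurity
public class SpringOAuth2Config extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // A custom login page must be reachable before login; otherwise
                // the redirect to it is itself redirected and the browser loops.
                .antMatchers("/oauth_login").permitAll()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                // Remove this line to get Spring's generated login page, which
                // lists one link per registered client. With it, /oauth_login is
                // your own template, and its "Login through Facebook" link must
                // point at /oauth2/authorization/facebook to start the code flow.
                .loginPage("/oauth_login")
                // Where to send the user after the code exchange, unless they
                // were bounced to login from a protected page (second argument).
                .defaultSuccessUrl("/", false);
    }
}
```

    WebSecurityConfigurerAdapter and antMatchers() match the quiz's era; Spring Security 5.7 deprecated the adapter and 6.0 removed both in favour of a SecurityFilterChain bean and requestMatchers(), but the oauth2Login() and loginPage() calls are unchanged.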