Course Content
Testing Good Practices, Mocking, Types of Doubles
0/4
Good qualties of unit tests
What is Mocking
How to autowire if we have more then one instance
How to delete category if products to attached with this
Testing demo, annotation and product controller test
0/6
Explanation of java testing folder structure
Test Annotations
How to navigate from normal file to test file
Write first demo test
Product Controller Test
Exception Test
00:00
Auth v/s Auth, Tokens, BCrypt
0/5
Authentication and Authorisation
Authentication Process Flow
Hashing
Bcrypt Encoder
Token
Authentication : Implementing User Service
0/4
Oauth
Step by step guide how to create Sign up
44:52
Step by step guide how to create Sign In
Step by step guide how to Logout
Implementing OAuth 2 authentication using Spring Security
0/2
Spring Security
00:00
Developing Your First Application
00:00
Creating a Payment Microservice Implementing Razorpay
0/5
Step-by-Step Guide to Building a Payment Microservice
48:02
How to Create and Set Up a Payment Service Project in Spring Initializr
Developing a Payment Controller and Service in Spring Boot
Integrating Razorpay Java Client SDK into Your Payment Microservice
How to Implement getStatus in RazorPayGateway for Payment Microservices
Optimizing our APIs using Redis and Kafka for ASync Comm
0/5
Caching introduced here
How to Update the Cache:
Caching in product service
Global cache
Introducing a Cache Layer with Redis
Low Level Design Notes
0/1
Download Notes
11:13
Backend Low Level Design 4
About Lesson

Every time we authenticate, it’s not necessary to do it for every microservice. For example, let’s say we have a user management service that handles sign-up, login, password recovery, and token validation.

Imagine we’re searching for something. First, we try to log in by sending a request to the user service. If the login is successful, we receive a token. We then send this token to the search page. The search page sends another request to validate the token, using the validateToken API in the user service. If the token is valid, we receive a response, and we redirect the user to the search page.

Now, suppose we have multiple services that need validation, all of them sending requests to the user service to validate the token.

Oauth -> Many websites offer sign-up options through Google and Facebook to quickly authenticate users. But how does this work when they’re using third-party APIs for authentication?

Here lies a challenge: each OAuth provider, like Google or Facebook, has its own way of handling logins and sign-ups. Writing code for all of them can be difficult. To address this,there’s a solution: OAuth protocols. OAuth is an industry-standard protocol for authorization, much like REST is for APIs.

To implement OAuth, we need to follow its protocols. OAuth provides an API contract (or interface) for authorization, making it easier to establish consistent authentication mechanisms across different platforms.

 

How does OAuth work?

OAuth involves four main participants:

  1. User: This is the person or client seeking access to a resource.
  2. Resource server: This server holds the information that the user wants to access.
  3. Application: This is the service through which the user is attempting to access something.
  4. Authorization server: This service manages the authentication process.

Let’s understand this with a simple example. Suppose we want to access a specific course topic, let’s say “/topics/course/1”, and we’re logging in via Google. When we log in using Google, we’re redirected to a popup on the Authorization server, which is part of our website or application. Here, we provide our Google credentials. Then, we receive a response indicating whether the login was successful or not. All the resources we’re accessing are within our application, so it’s also considered the resource server. In this scenario, I, as a user, am trying to authenticate.

Let’s use an example with “Cred” as our application and “Google” as our Authorization server. Back then, to access certain features, Cred needed permission to read our emails. This allowed it to view our bank statements and make payments if necessary. In this scenario, Cred interacts with another service, like Gmail or perhaps SMS. It passes a token to access our emails. Since Gmail holds the data we need, it acts as the resource server.

In Case 1, where the application is also the resource server, the login request goes directly to the application. The application then sends a request to the authorization server. After a successful login, you receive a token.

In Case 2, where the application server and resource server are different, the login request goes to the application server first. The application server then calls the authorization server, which returns the token. Afterward, the application server makes another request to the resource server using this token. If the resource server can’t validate the token, it calls the authorization server. If the token is invalid, you’re signed out immediately. If it’s valid, the data is returned to the application server.

Previous
Next
Enroll Now