The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

zartc (13) [Avatar] Offline

Are you going to include some paragraphs about the OAuth2 configuration ?
I think it is important to complete the chapter 4 about spring security.

kaqqao (3) [Avatar] Offline
Agreed. In this day and age, it's non-optional.
northernpeople (33) [Avatar] Offline
Hi Craig,

I am a big fan of your books, and have all but first edition of SiA. Your explanations and examples are what makes me say: 'I get it now'!

I feel like we, the readers, could benefit from OAuth chapter, and would really appreciate if you included explanation and some direction for us.

I know there is OAuth2 in Action; still I prefer your books, since they have relevant examples of what to do day-to-day.

Please please please!

P.S. Having a few pages on how to work with JWT on top of OAuth material would be even better!
habuma (279) [Avatar] Offline
I agree that OAuth2 coverage is important. But OAuth2 is generally used for API security, so I've decided to make it part of chapter 6. (Yeah, I know that it can be used to do a "sign-in-with" scenario, but that's not the main OAuth2 story).

All that said, chapter 4 was written at a time *BEFORE* Spring Security 5 was GA and the OAuth2 support in SS5 was still a work-in-progress. So writing about OAuth2 when I was writing chapter 4 would've certainly required many changes later. Now it *is* later and I might consider adding in a tiny bit on SS5's OAuth2 sign-in-with support to chapter 4 and then focus on API security in chapter 6. (Still pondering this, don't take this as a set-in-stone plan.)