zartc (11) [Avatar] Offline

Are you going to include some paragraphs about the OAuth2 configuration ?
I think it is important to complete the chapter 4 about spring security.

kaqqao (3) [Avatar] Offline
Agreed. In this day and age, it's non-optional.
northernpeople (23) [Avatar] Offline
Hi Craig,

I am a big fan of your books, and have all but first edition of SiA. Your explanations and examples are what makes me say: 'I get it now'!

I feel like we, the readers, could benefit from OAuth chapter, and would really appreciate if you included explanation and some direction for us.

I know there is OAuth2 in Action; still I prefer your books, since they have relevant examples of what to do day-to-day.

Please please please!

P.S. Having a few pages on how to work with JWT on top of OAuth material would be even better!
habuma (277) [Avatar] Offline
I agree that OAuth2 coverage is important. But OAuth2 is generally used for API security, so I've decided to make it part of chapter 6. (Yeah, I know that it can be used to do a "sign-in-with" scenario, but that's not the main OAuth2 story).

All that said, chapter 4 was written at a time *BEFORE* Spring Security 5 was GA and the OAuth2 support in SS5 was still a work-in-progress. So writing about OAuth2 when I was writing chapter 4 would've certainly required many changes later. Now it *is* later and I might consider adding in a tiny bit on SS5's OAuth2 sign-in-with support to chapter 4 and then focus on API security in chapter 6. (Still pondering this, don't take this as a set-in-stone plan.)