1
00:00:00,210 --> 00:00:05,820
In this video, I'll show you the two tokens that we are using as of now inside our application,

2
00:00:05,970 --> 00:00:12,540
which are making our authentication and authorization flows very smooth in nature once we log in to

3
00:00:12,540 --> 00:00:13,210
that system.

4
00:00:13,230 --> 00:00:18,920
So firstly, I came to the login page and I'm opening the console.

5
00:00:19,050 --> 00:00:21,110
You can go to the Application tab.

6
00:00:21,120 --> 00:00:25,060
And right now there are no cookies or tokens associated.

7
00:00:25,210 --> 00:00:32,689
Now, I'll try to log in to the application with my valid credentials, and as soon as I click on Sign In,

8
00:00:33,000 --> 00:00:36,180
I will be logged into the dashboard page.

9
00:00:36,480 --> 00:00:42,540
And you can see there are two tokens that are generated, and these are the sample tokens that you can

10
00:00:42,540 --> 00:00:43,020
think of.

11
00:00:43,050 --> 00:00:44,790
And these are simple in nature.

12
00:00:45,090 --> 00:00:51,000
But if you have complex requirements where, along with authentication and authorization, you also

13
00:00:51,000 --> 00:00:57,690
want to pass certain user-related data, then we can go for advanced tokens like JWT tokens.

14
00:00:57,850 --> 00:01:03,040
But these are very simple in nature, the JSESSIONID and XSRF tokens.

15
00:01:03,060 --> 00:01:09,750
And again, these are stored as cookies because we are going with the default behavior that is provided

16
00:01:09,750 --> 00:01:11,040
by Spring Security.

17
00:01:11,070 --> 00:01:19,080
But in the coming videos we can look at the topic of JWT and how we can generate that token and

18
00:01:19,080 --> 00:01:23,830
pass that in each and every request so that we don't have to rely on the cookies.

19
00:01:23,880 --> 00:01:28,710
So now I'm able to perform all the operations inside my application.
20
00:01:28,710 --> 00:01:36,600
And you can see all these resources are protected resources, but my server is not asking for the credentials.

21
00:01:36,780 --> 00:01:42,500
The reason is the backend server stores this session ID value inside the server memory.

22
00:01:42,510 --> 00:01:48,870
And since this is the default behavior and we have only one backend, we should be good with this

23
00:01:48,870 --> 00:01:49,440
approach.

24
00:01:49,630 --> 00:01:57,060
But if we have a microservices scenario where you have a lot of servers, in those scenarios

25
00:01:57,270 --> 00:02:04,170
we will go with a separate authentication server, which will help all our application servers in

26
00:02:04,170 --> 00:02:07,110
generating and validating the tokens.

27
00:02:07,110 --> 00:02:14,430
And the XSRF token is the token that we generated by leveraging the CSRF repository inside Spring

28
00:02:14,440 --> 00:02:15,230
Security.

29
00:02:15,390 --> 00:02:19,230
So this token will protect us from CSRF attacks.

30
00:02:19,440 --> 00:02:21,710
Let's try to do some R&D on this.

31
00:02:21,720 --> 00:02:28,530
So now I'll go to this JSESSIONID and edit this value by just removing one character at the end.

32
00:02:28,650 --> 00:02:34,170
And now I'm trying to perform the operation, and you can see nothing is happening.

33
00:02:34,170 --> 00:02:40,230
And in the console I am getting an Unauthorized error, which is a 401, just like we are expecting.

34
00:02:40,410 --> 00:02:43,260
Similarly, let's try to play with the XSRF token.

35
00:02:43,260 --> 00:02:49,920
Also, in the scenario of the XSRF token, if the token is changed and tampered with in between compared to

36
00:02:49,920 --> 00:02:55,300
what the server generated, you will get a Forbidden error, which is a 403 error.

37
00:02:55,470 --> 00:02:57,050
Let's try to validate that as well.
38
00:02:57,270 --> 00:03:03,210
I'm just logging out and logging in again, and this time I'm making sure there are no cookies associated

39
00:03:03,360 --> 00:03:05,180
and just entering my credentials.

40
00:03:05,190 --> 00:03:06,810
I'm in now.

41
00:03:06,810 --> 00:03:10,440
This time, instead of editing, I can also delete the cookie.

42
00:03:10,590 --> 00:03:11,760
I'm just deleting it.

43
00:03:12,000 --> 00:03:19,530
And if I click on any of the backend operations, I will get a 403 error, and you can see my page,

44
00:03:19,530 --> 00:03:25,900
that it's not loaded completely because the backend operation fails with the 403 error.

45
00:03:25,920 --> 00:03:33,900
So this way we used the default token-based mechanism inside Spring Security using JSESSIONID,

46
00:03:34,110 --> 00:03:40,260
and we also used the XSRF token to protect ourselves from the CSRF attacks.

47
00:03:40,260 --> 00:03:42,110
But these tokens have a problem.

48
00:03:42,270 --> 00:03:49,950
So these tokens are very simple in nature and they don't support sharing the user-related information

49
00:03:49,950 --> 00:03:51,000
with the client side.

50
00:03:51,120 --> 00:03:58,530
And at the same time, they don't support any encryption or encoding mechanisms to add an extra

51
00:03:58,530 --> 00:04:00,680
layer of security to your tokens.

52
00:04:00,990 --> 00:04:07,700
Let's try to explore those advanced features by discussing JWT tokens in the next lecture.

53
00:04:07,860 --> 00:04:08,390
Thank you.

54
00:04:08,400 --> 00:04:08,820
And bye.
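The three outcomes demonstrated in the video (valid cookies give 200, a truncated JSESSIONID gives 401, a deleted or edited XSRF token gives 403) modelled as a small server-side check. This is an added example, not the course's code or Spring Security's implementation: it assumes an in-memory session store keyed by JSESSIONID that also holds the session's XSRF token, and that, as in the default CsrfFilter, safe HTTP methods are not CSRF-checked.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the server memory the video refers to: JSESSIONID -> session data.
SESSIONS: dict[str, dict] = {}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # not CSRF-checked by default


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def login(username: str) -> dict:
    """Simulated login: mint a JSESSIONID and an XSRF token, keep both server-side,
    and return the two cookies the browser would receive (constructed values)."""
    session_id, xsrf = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[session_id] = {"user": username, "xsrf": xsrf}
    return {"JSESSIONID": session_id, "XSRF-TOKEN": xsrf}


def protected_endpoint(req: Request) -> int:
    """401 when the session cookie matches no stored session, 403 when a state-changing
    request carries a missing or tampered XSRF token, otherwise 200."""
    session = SESSIONS.get(req.cookies.get("JSESSIONID", ""))
    if session is None:
        return 401  # edited or absent JSESSIONID -> Unauthorized
    if req.method.upper() not in SAFE_METHODS:
        # Double-submit check: the token echoed in the header must equal the stored one.
        submitted = req.headers.get("X-XSRF-TOKEN", "")
        if not hmac.compare_digest(submitted, session["xsrf"]):
            return 403  # deleted or edited XSRF token -> Forbidden
    return 200


def demo() -> tuple:
    """Replays the video's experiments and returns (valid, truncated_session, no_token, edited_token)."""
    cookies = login("alice")
    token = cookies["XSRF-TOKEN"]
    valid = protected_endpoint(Request("POST", cookies, {"X-XSRF-TOKEN": token}))
    truncated = dict(cookies, JSESSIONID=cookies["JSESSIONID"][:-1])  # remove one character
    unauth = protected_endpoint(Request("POST", truncated, {"X-XSRF-TOKEN": token}))
    no_token = protected_endpoint(Request("POST", cookies, {}))  # XSRF cookie deleted, nothing to echo
    edited = protected_endpoint(Request("POST", cookies, {"X-XSRF-TOKEN": token[:-1]}))
    return valid, unauth, no_token, edited
```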