Github and Facebook - OAuth Login and Spring boot

https://www.youtube.com/watch?t=2&v=CWiwpvpCrro&feature=youtu.be

https://start.spring.io/   [Spring Initializer]

https://spring.io/guides/tutorials/spring-boot-oauth2/#github-application-config

https://developers.facebook.com/

Add a New Application ID in Facebook and add its details in Spring boot 

application.yml 

Highlighted Yellow below for Github

By this Spring comes to know where to authenticate , 

Who is requesting Authentication on behalf of User

spring:

  security:

    oauth2: 

      client:     

        registration:

          github:

            clientId: github-client-id 

            clientSecret: github-client-secret

Microservices

https://www.youtube.com/watch?v=j1gU2oGFayY&list=RDCMUCYt1sfh5464XaDBH0oH_o7Q&index=2

Modularized Source code - Built Separately

Smushed Together -> 1 Deployment Entity

----------------------------------------------------------

Web Apps became complex

So deploying them as 1 Deployment unit was a challenge

Complexity increased Deployment Size 

1 New Guy makes his 1st Commit -> and do we need to deploy whole thing all over again

Monolithic Architecture - "Smushed"

Sales -> Festivals -> Spike Traffic 

Scalability for deployment 

A small portion/module of App needs to be scaled - Not Whole App 

What can be done better here ?

Test only 1 Sub App - 1 Microservice

Scale only that 1 Microservice

Talk to each other -> using Rest

Smaller Mini Applications instead of 1 Big Monolith

Advantages

2) Technology 
3) Scalable 

1) Deployment Flexibilty 

CONS/Disadvantages

1) Architecture - How to Split Services/Where???
2) Service Discovery -> Which Services to call ?

SPA vs MPA - Single Page App vs Multi Page App

https://www.youtube.com/watch?v=F_BYg2QGsC0

https://www.youtube.com/watch?v=xfGciVdbktI
https://www.youtube.com/watch?v=F_BYg2QGsC0

MPA vs SPA - MultiPage Application vs SinglePage Application

Multipage Application  - New Html-File for every Request - PHP/NodeJs/JSP - Server Side Renders Your HTML page to browser - e.g -  www.nytimes.com

Spinner Spins here, everytime.

angular.io 

Reload Icon Does not changes at all - No Page Fetch Happening - "No Spinner" there

1st Time -  Lots of JS, Assests/CSS/Images, 1 HTML Page gets downloaded

There would be never be another HTML Page .

Javascript - Helper Framework - Angular, React, Vue

at each click - It fetches JSON Date - Javascript parses - 

Then JS listens to all activities like click and performs DOM Manipulation

Single Page Application Always Better than MPA ? 

No. Not every time.

Lets consider pros and Cons.

::SPA ::                                                  

SuperFast/Very Responsive/Desktop App - Slack                   

Decoupled Frontend - Styling - ServerSide Code is  just API - not the "Server Side Rendering"

SEO is a Challenge - (Asynchronously Data- Web Crawler)

Javascript is absolutely needed

Older Browser not favoured out of box

::MPA::

SEO - Big Advantage!!! - Crawler Sees , What User Sees

Vast Support , Doc

Slow - Load Pages

Tight/Some level of Coupling of Backend - Frontend => "Server Side Page Rendering"

RPC vs Rest vs GraphQL

https://speakerdeck.com/nbarbettini/api-throwdown-rpc-vs-rest-vs-graphql
https://www.jamasoftware.com/blog/rest-api-design/
https://www.freecodecamp.org/news/three-ways-to-balance-between-chunkiness-and-chattiness-of-your-rest-api-67e60b7bcca7/

• Chattiness vs Chunkiness        or      Fine-Grained vs Coarse-Grained
• Resource Design vs Process Flows
• DataRequired/Schema/Filter - GraphQL [Query/Mutation]  ????
• Linked Resources ???

https://speakerdeck.com/nbarbettini/api-throwdown-rpc-vs-rest-vs-graphql

https://speakerdeck.com/nbarbettini/api-throwdown-rpc-vs-rest-vs-graphql

False Positive and False Negative

 https://www.mathsisfun.com/data/probability-false-negatives-positives.html

JWT - Json Web Tokens

 JWT - Json Web Token

JWT pronounced as - "JAWT" - Yes, There is 'A' in Sound 

JWT - is Base64 encoded Token

It has 3 parts - Header, Payload and Signature

Its contents are easily deciphered, so no private info should be inside it

Signature needs a key - which is possessed only by Auth Server

So, JWT can not be tampered with

It can be stolen as such as a whole by malicious person 

So care must be taken when we share JWT token

https://www.youtube.com/watch?v=soGRyl9ztjI

https://www.youtube.com/watch?v=_XbXkVdoG_0

https://jwt.io/#debugger-io

----------------------------------------------------------------------

JWT is a Value Token - Whatever is allowed - is written here - Its a "Value Token" - All content required is present in token itself.

JSESSIONID - is a Reference Token - Token refers to some state stored at server.

Editing Word Doc .doc .docx in Java

https://poi.apache.org/components/document/quick-guide-xwpf.html

http://svn.apache.org/viewvc/poi/trunk/src

http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/xwpf/

http://svn.apache.org/repos/asf/poi/trunk/src/examples/src/org/apache/poi/examples/xwpf/usermodel/

https://kodejava.org/how-do-i-replace-text-in-microsoft-word-document-using-apache-poi/

https://www.baeldung.com/java-microsoft-word-with-apache-poi

https://coderanch.com/wiki/660241/Create-Word-Document