I'm trying to do a POC project. I want to login just like stackoverflow. User just login their google account without having to register first and forget password in the future.
My stack is Angular + Spring boot. Angular or React shouldn't matter here. I have did some research and see how people setup on Google GCP and use it in the webapp.
Ok, now assume I can login in my webapp. I got user's name, picture, etc. How would my Spring boot server auth with the info I got from google?
Any help is appreciated!
Usually, you would get a JWT from Google (or other type of token) that you need to send to your Spring Boot server.
The server should then be configured to verify the token. See https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/index.html and https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html (for JWT).
Basically, add spring-security-oauth2-resource-server (and spring-security-oauth2-jose if JWT) and set the issuer-uri in your applications.(yml | properties)
I think it is https://accounts.google.com/ for Google. This also assumes that you have created app/oauth2 in google console. See https://developers.google.com/identity/protocols/oauth2/openid-connect for details.
Related
If I deploy my service in (cloud run) as no-allow-unauthenticated, I can add a user with cloud run invoker role to secure the API. Then user can login to gcloud and set the token in the authorization header to access the service.
My question here is, can I send the Google authorization token via a different header instead of authorization?
The reason why I am using google token is to protect staging(development) env to only allow access to the dev team. My Spring Boot app doesn't need any protection under google platform as it has its own oAuth mechanism - authorization header is being used by spring boot.
Thanks
After a lot time spent, I decided to configure spring boots to deal with another Authorization header name. I left Authorization for GCP.
I‘m not new in either Spring boot or Spring Security but I am in Spring Authentication‘s Server.
Description
I have tree apps:
a spring boot backend,
a flutter frontend and
a Keycloak for authentification.
The Backend has only one login method, that is oauth2 and is client of Keycloak. The login method for the Backend is already implemented and is working, using Authorization code.
The flutter should also log into the Backend using Authorization code, but this part is not yet implemented.
The Backend is the part I‘m responsible of and the workflow should be following:
The user on Flutter tries to login
The Flutter App then requests login from Backend App
Backend App, as an authorization server with only one login method which is Keycloak, redirects the user to Keycloak.
The first authentification and authorization happens on Keycloak.
The Keycloak redirect the user on the Backend.
The Backend finds out who the user is and authorizes him.
The Backend redirect the user to Flutter‘s scheme and then flutter open (or continue).
The Flutter calls the Backend to get tokens.
Now my question is how should I configure the Backend, so that it behaves as Authorization‘s server?
This I what I‘ve tried.
I‘ve used the newly created spring-authorization-server. So my SecurityFilterChain already contains:
…
http
.oauth2Login(withDefaults())
…
Now my backend is resource server for itself and client of itself (I can‘t dissociate it now). So I‘m thinking of
adding .oauth2ResourceServer with the configuration of this same server for verifying the tokens I will issue, and
adding .oauth2Client with again the configurations pointing to this server, for the Flutter app being able to login.
Now I don‘t know how to turn my backend into Autorization server, and to be more precise, how to turn on authorization code for user login.
Thanks for reading. Any help would be appreciated.
I am planning to use Firebase for auth purpose for my Application. The app has a java based back-end using Spring Boot. My understanding so far is that Firebase will handle different type of login options interacting directly with my front-end code and in return will give a token after user has logged in(primarily email based,Google or FB login). I have a few questions:
Does it provide a JWT type token that can be used in conjunction with my back-end without having to talk to Firebase servers from my back-end? I guess its not and SDK provides ways to validate token
Is there a good example of configuring my spring security to validate the the token and get user details?
I could not find a working example with Admin SDK of firebase using spring security.
What other tech stack options I have? I read Amazon Cognito could be one. My app is more of a POC and don't want to host my auth server as well.
What the recommendation on storing the user info in my own back-end or should I just rely on firebase servers to handle my user base?
Pardon my primitive understanding of Auth frameworks!
I'm building a Angular 6 front-end and Spring boot based REST api. Angular app is going to be hosted separately behind a nginx. I want to implement spring security in order to secure REST apis. As per my understanding I need to two following things.
Spring security to authenticate API calls for valid tokens and respond 403 if not
Angular library in order to redirect user to google login and maintain access/refresh tokens, pass access token for api calls in headers and refresh access token if backend respond with 403.
I'm not quite sure whether the authenticate request go via spring backend or directly to google.
I have been searching for a good tutorial for sometime but didn't find one matching my requirement( most are html pages hosted within spring ). So please correct if my understanding on how to do this is wrong and share if there are tutorials.
Check this article. This might be the article which help to you.
Moreover let me know if it worked.
I'm currently developing an app in asp.net core 2. However, i'm having issue configuring swagger properly and the authentication layer for the webapi.
In my instance, I have a web api that is configured with jwt. It uses the app id url as the jwt audience. Swagger is configured to run on top of this service and AAD is set up. However, because it's logging in to itself it has the resource configured as the web api client ID. Login successfully works, but the token does not work with the api calls. The main reason is that there is difference in resource/audience. The token is configured with an audience of the client ID and the webapi is conifgured with a jwtaudience of the app ID URL.
It only works if i configure the jwtAudience to the clientID. I doesn't work if i try to update the swagger resource as the app ID URL.
I need the jwtAudience to be configured to the APP ID URL. I can't figure how to do this thou.
Do i need to modify the AAD manifest to give permission to itself?
Any advice appreciated?
Thanks,
Derek