We want to integrate the spring cloud starter gateway with AWS cognito to validate the token and get the user role.
Everywhere i can see people are integrating AWS API-gateway with cognito.
One more query: Whenever user signup in aws cognito, based on some criteria, role has to be assigned. To differentiate between users.
Please do help.
Related
I have a Spring Boot App (REST API only) which I want to connect to Azure AD B2C for the User Management. I created the Active Directory B2C, registered my app, and set up a Sign in and Aign up User Flow. I read a lot about how to connect that to Spring Security for authorization. Also, I saw those two endpoints that I can use:
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token
But how can I actually CREATE a new User? Is there an endpoint for the sign up, that I can call with an email and password and that creates a User Account in my Azure AD B2C Tenant?
We have a spring boot REST API which will be used by mobile client. Azure AD is used for auth. We need to generate access token for initial testing spring boot REST API. What is the recommended option for this?
Basically we need to to generate access token using client credentials and call the REST API end point using the access token. Then on the REST API, validate access token and print the app roles assigned in Azure AD.
To get the access token from Azure AD to authenticate and authorize users from Azure AD.
First, you need to register both the application mobile client and spring boot applications in your Azure AD. Refer register your application in the Azure AD.
To generate access token using client credentials flow, there would be no user involvement, so your server application needs to create an appRole, and then grant the app Role as an application permission to the client application.
The administrator must grant the correct application permissions via a consent process to access the application.
Configure the application's details registered in Azure AD to your spring boot application.properties file with application id, tenant id, client-secret and scope.
Refer guide to configure client application to access a web API using spring boot step by step.
I am developing a web application where I have React as my Frontend and Spring boot as the Backend REST API. I have authentication mechanism setup where user can login with email and password. My application will be used by a group of people for a company. The admin user will login initially and sends invites to other people in the group with predefined access privileges available in the application. How can I implement this type of role based access in spring boot.
I gone across Spring security for role based access, but I didn't find how to create custom fine grained roles based on our web application. Please someone help just to give me the path I need to go.
P.S: I want to implement the way AWS or other cloud providers implement there IAM roles to assign it to different users in their organization but not as complex but a similar functionality
This could sound like a very noob question, so let me apologies first.
We have multiple lambda services (JavaScript) added that uses AWS cognito. I know that AWS cognito is majorly designed for authentication and authorisation in serverless architecture.
But now I have a microservice written in Java using spring boot which is deployed behind the AWS api gateway. The gateway is running as a proxy to the service's resources. So our client app authenticates users using cognito and used Authorization and api key to access our services which have AWS_IAM and api key authenticating every request to the service on the gateway.
To perform some tasks in the service cognitoIdentityId is required. In case of JS lambda services we receive it in the event json in its context field. But I could not find any way for the spring-boot service to receive it. Neither HttpSession nor HttpServletRequest have that info. Requests are not directly authenticated with the service so spring SecurityContext's principal is also empty/anonymous. The documentation on cognito with http services is very bleak and most of the discussions starts and ends with Lambda.
Can anyone point me to the right direction as how to get the id?
Thanks in advance.
I am trying to use Keycloak as Identity Access Management. Creating client & authenticating user is quite okay between Spring Boot and Keycloak. What I am trying to do is authentication and authorization between Spring Boot microservices. The scenario is as follow.
There are two microservices: service A and service B.
Service A has one non-authenticated api route (api 1) which needs to communicate with authenticated api (api 2) on service B.
Api 2 would like to know which services are requesting and have certain access.
I have tried using service account and search online but no luck with Keycloak. :(
Please help me. Thanks