Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement OIDC authentication UI #1519

Closed
chrismatix opened this issue Apr 12, 2021 · 2 comments · Fixed by #1737
Closed

Implement OIDC authentication UI #1519

chrismatix opened this issue Apr 12, 2021 · 2 comments · Fixed by #1737
Assignees
@chrismatix
Labels
inbox
Milestone
Implement OIDC au...

Comments

@chrismatix
Copy link
Contributor

chrismatix commented Apr 12, 2021
edited
Loading

Prerequisite: #1518

With OIDC the authentication state will be managed entirely by Spring as an HTTP session. This means that the frontend no longer has to store/handle a JWT for authentication. However, the inbox UI still needs to be aware of who is currently authenticated or not.

To address this problem #1518 adds a /users.getPrincipal endpoint that will return the profile information of the currently logged-in users.

So the flow would be as follows:

  1. User loads the react app
  2. App requests /client.config before rendering anything
  3. If principal present: Store the user information in redux (not local storage) and proceed
  4. If 403 unauthorized: Redirect to oidc auth endpoint (see docs provided in Add OIDC authentication middleware #1518)

If the oidc flow is successful the backend will redirect the user back to the app after 4. and the process will repeat.
@chrismatix
Copy link
Contributor Author

@lucapette I think an even simpler implementation of this would be to move the inbox UI to the communication pod already. That way accessing the frontend itself is subject to authentication and the frontend does not need to implement any re-directs.

@chrismatix
Copy link
Contributor Author

chrismatix commented Apr 30, 2021
edited
Loading

And since this would mean that we would replace Lua with (most likely) freemarker we can also pre-render in the user information so that the UI does not have to make a separate request to /users.getProfile

chrismatix pushed a commit that referenced this issue May 5, 2021
[#1519] Implement auth UI behavior
54fc71a
@chrismatix chrismatix mentioned this issue May 5, 2021
Merged
chrismatix added a commit that referenced this issue May 6, 2021
@chrismatix
[#1519] Implement auth UI behavior (#1737)
87e5760
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chrismatix chrismatix

Labels
inbox
Projects
None yet
Milestone
Implement OIDC authentication
Development

Successfully merging a pull request may close this issue.

[#1519] Implement auth UI behavior airyhq/airy
1 participant
@chrismatix