Processing JWT groups in OIDC provider #1264
Comments
Ok, I'm a little bit confused on the difference between JwtAuthProvider and JwtProvider and how to correctly configure the corresponding Maven dependencies. I think it is as follows:
OIDC:
JWT Auth is the one that confuses me a little as
Both OIDC and JWT need the additional code to map groups to roles. I can now get all three providers to work - only the JWT-Auth one has the group to role mapping code in the current Helidon codebase.
Jwt Auth provider is an implementation of a MicroProfile specification.
Yes please, that would be great. BTW, I do plan to use MP JWT-Auth as my application is based on Helidon-MP - I assume that would be the recommendation?
That really depends on what you want to achieve. If you have security resolved in your infrastructure (e.g. redirection to login page etc.) and you have a JWT in each header, then the MP JWT-Auth is the simplest way to go.
I will add the groups feature to OidcProvider and JwtProvider. Delaying the refactoring to #478
Using Helidon 2.0-SNAPSHOT with OIDC and I am trying to get the @RolesAllowed annotations working. I can see that the user groups are being returned by the OIDC provider, however, the groups are not being translated into roles in the Subject. Comparing io.helidon.security.providers.oidc.OidcProvider against io.helidon.microprofile.jwt.auth.JwtAuthProvider I can see that the latter has these additional lines of code:
Not sure if #478 would fix this.