Improve OAuth 2.0 / OIDC Integration #6432

Closed
mraible opened this Issue Sep 29, 2017 · 11 comments

Contributor

mraible commented Sep 29, 2017

This issue is to track the improvements needed to make the OAuth 2.0 / OIDC integration into a wonderful developer experience. The main PR has been merged, these are the items remaining:

@jdubois You mentioned here that documentation should be added in http://www.jhipster.tech/microservices-architecture/. However, I only verified this works in a monolith. I don't believe it will work in a microservices architecture. @danielpetisme created a PR to add microservices support.

Member

jdubois commented Sep 29, 2017

Oh I thought it would work with microservices :-(
But you made a good decision: let's start simple, and then improve, we'll have this later!

Member

jdubois commented Sep 29, 2017

@mraible I edited your "todo list" to add a new item on documentation

Contributor

mraible commented Sep 29, 2017

PR #6436 fixes the redirect to localhost:9000 issue.

Contributor

mraible commented Sep 29, 2017

@deepu105 Do you have any advice on how to default to Angular 4 and disable prompting when OAuth 2.0 is selected?

Contributor

mraible commented Sep 29, 2017

@jdubois For the docker-compose sub-generator, should I prompt to see if the user wants Keycloak, or just assume they do if authenticationType === "oauth2"? The reason I ask is because they might not need Keycloak if they've configured a different IdP for their app.

Member

deepu105 commented Sep 29, 2017

@mraible I'll do that on master tomorrow

Member

jdubois commented Sep 30, 2017

@mraible

  • for the docker-compose sub-generator: if they have selected authenticationType === "oauth2" yes you should add automatically the Docker Compose configuration for Keycloak (doesn't do much harm anyway). But yes don't hesitate to do some advertisement for Okta - at least on the documentation (I don't think anybody would use that feature without reading the documentation)
  • then there is something I'm not sure I fully understand: do you store anything in the Servlet HttpSession? I know this is supposed to be stateful, but I don't find where it's done, is that automatic with Spring Security? Anyway, I'm wondering what happens when you scale your application: if you don't have HTTP session clustering, does it work? Otherwise, does it work out-of-the-box with our Hazelcast and Infinispan session clustering?

Member

deepu105 commented Sep 30, 2017

@mraible I didn't disable prompting as I figured we would soon add React there anyway so I just removed Angular 1 from options when oauth selected, IMO it's better as user won't be confused why the prompt didn't show up and in OAuth2 docs we need to say that Angular 1.x is not supported

Contributor

mraible commented Sep 30, 2017

> then there is something I'm not sure I fully understand: do you store anything in the Servlet HttpSession? I know this is supposed to be stateful, but I don't find where it's done, is that automatic with Spring Security? Anyway, I'm wondering what happens when you scale your application: if you don't have HTTP session clustering, does it work? Otherwise, does it work out-of-the-box with our Hazelcast and Infinispan session clustering?

@jdubois The only thing I store in the session is the login-origin-uri for redirecting back to the correct location for the client in dev mode. All the rest is handled automatically by Spring Security. I'm guessing it'll work with Hazelcast and Infinispan for session clustering, but haven't tested.

Member

jdubois commented Sep 30, 2017

@mraible great, so this should be tested, but indeed that should be OK

danielpetisme added a commit to danielpetisme/generator-jhipster that referenced this issue Oct 11, 2017

Member

jdubois commented Oct 17, 2017

Closing this as it's all done

@jdubois jdubois closed this Oct 17, 2017

@jdubois jdubois added this to the 4.10.0 milestone Oct 17, 2017
