can somebody show how to configure a SPRING-BOOT back-end (web app) to work with a JWT token, that is valid and issued for the back-end by google. I cannot find any example. The spring security configuration is missing something.
I've configured the Spring boot adapter to work with a web application. But it's a different flow. The redirects for Android for example do not pass through the back-end. And so a new user that is logging in from a mobile device has a valid token but doesn't trigger a login or registration process.
Kind Regards :)
Related
I am working on a Spring Boot application (that I inherited) with a login screen that connects to a local database to check the username and credentials, then originally it called Okta authentication to match the username and password and check credentials. My client no longer wishes to use Okta and has asked me to switch to Google OAuth2.0 for User Authentication. My only question is it seems using that service forces the user to log into the application with their Google Credentials in a google login screen. Is it possible to have the users login credentials from the applications login screen log into their google account on the backend to check credentials rather than have the user themselves login twice? I know that this is a bit of a backwards approach, but due to the current infrastructure of the application (which is currently getting a face lift) this is what we need to do in the immediate.
I have been reading all of the OAuth2.0 documentation and watched a few tutorials, but cannot find anyone trying to do exactly what I am trying to do.
I need to build microservice architecture like in the image. The question is how do I must authenticate users in resource service using keycloack. Do I must to get the token from UI app and add this token manually in the app or there is some automatic method using spring app to get info from the resource service?
If I need to add it manually then how can I get this token inside the app?
Keycloak provides spring security integration module. It renders login form for your UI application that authenticates user against keycloak. The token is stored then in session. Keycloak plugin is responsible to validate the token against keycloak server.
https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/spring-security-adapter.adoc
I am trying to secure my application using OAuth. I have client application(UI) build in react and back-end is in Spring Boot. I have an OAuth server configured which will be taking care of authenticating the user.
I am really confused if React application should talk to Auth server and get the token or Spring Boot should get the token.
After reading multiple articles I thought about flows:
User will go to ReactApp home page and ReactApp will redirect it to OAuth Server login page(/authorize)
OAuth server will authenticate the user credential and redirect the user to ReactApp home page with code
ReactApp will send the code to Spring Boot server using the API endpoint
Spring Boot server will use the code(along with client Id and client secret) and get the token from Auth Server and send that token to ReactApp for further communication
Question:
Is this the standard flow?
How secure the application is using this flow?
Is it a good idea to do some part in UI and another part of authentication in the backend ?(code in UI(ReactApp) and token in back-end(Spring Boot))?
Is there any better way than this?
Any help would be appreciated.
I have my Spring Boot application, that provides some rest endpoints. Those rest endpoints need security, and I want to use the Oauth2 for it.
My idea is to use Google oauth2 token for that. I don't want to provide login functionality in my Spring Boot app, so I just want to check that the Bearer token is there and get the user info from it to display his/her data accordingly.
I'm checking this tutorial, but I don't think it's exactly what I want
https://www.baeldung.com/spring-security-5-oauth2-login
I would like to explain some scenrios that should be considered while deciding the security approach:
If your application users exists in google, means users having google accounts, then you can go for google authorization server oauth 2.0 https://developers.google.com/identity/protocols/OAuth2, In this case your should register on google developer portal, and application will recieve the access and refresh token after successful authentication of users. After that OpenId call can be made to google to get the user information
Above flow and integration will same as, Like you see the link on Quora application for "Login via google".
Now in services you can request validate the Bearer token via google oauth 2.0 validate endpoint and call the userinfo endpoint to fetch the user information.
if you go for JWT token then there wont be requirement to reach out to google authorization server for token validation and userinfo call.
Second approach is to build your own oauth 2.0 server using springBoot - https://spring.io/guides/tutorials/spring-boot-oauth2/
Use API gateway layer for token validation and further authorization can be done on microservices using spring security.
At the end of this tutorial you have more info for Google’s userInfo endpoint response:
https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
You can check there :)
Apologies, I work predominantly with iOS lately, and its been a while since I've worked with Spring.
Tools:
Kotlin
Spring Boot
Spring Social
Problem:
I'm building an app that allows typical 'Login with Facebook' type functionality.
I'd like to send the OAuth token obtained by the iOS client to the backend to authenticate with. If the token is valid, the backend will return successful authentication, otherwise indicate invalid credentials.
After logging in with the OAuth token, some profile information will be retrieved.
Question:
Most of the Get Started guides seem to follow the authentication with OAuth using username and password credentials.
Using Spring Social+Facebook, how can I:
Authenticate using an OAuth access token and retrieve profile data?
It is simple - Spring's FacebookTemplate can be instantiated with an oauth access token as follows:
val facebook = FacebookTemplate("$$TOKEN$$")