In my project I have an Angular app where I use https://github.com/manfredsteyer/angular-oauth2-oidc and a Spring Boot backend.
In the UI I copied most of the stuff from here: https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards.
My code works with https://demo.identityserver.io and with a local Keycloak.
I only have to change:
spring.security.oauth2.resourceserver.jwt.jwk-set-uri (in the backend)
In the frontend "issuer: 'http://localhost:8080/realms/master',"
to fit the corresponding server.
My "dream" would be to use the spring-authorization-server. In my app I can create users dynamically, and therefore I need to be able to add such a user to the authorization server with a REST call. As far as I understand, the spring-authorization-server code should be easy to extend.
I copied over the spring-authorization-server code from https://www.baeldung.com/spring-security-oauth-auth-server with the base spring-authorization-server version: 0.2.0.
The server starts and my app does the redirect to the login page. When it comes back from the spring-authorization-server, the Angular UI OIDC code detects a problem with the "nonce": sometimes it is missing, sometimes it does not match. Unfortunately I was not able to find the reason for that behaviour :-(
As my code works with the other two implementations, I suspect either a misconfiguration or a bug in the spring-authorization-server.
The documentation on spring-authorization-server is pretty slim.
Question: Does somebody know a place where a spring-authorization-server is used with a web client and OpenID Connect?
2.3.2022 Update: I opened an issue at the spring-authorization-server: https://github.com/spring-projects/spring-authorization-server/issues/640
I hope this will bring some more info.
Best Regards T
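A diagnostic for the two symptoms described in the question above (nonce missing vs. nonce not matching), added here as an example; it is not code from the post, from angular-oauth2-oidc or from spring-authorization-server. It assumes `expectedNonce` is the raw value the client sent in the authorization request, uses constructed sample tokens, and only decodes the payload without verifying the signature.

```javascript
// Added diagnostic sketch. Function names are hypothetical, not a library API.
// Decodes the ID token payload only; it does NOT verify the signature.

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS: expected 3 dot-separated segments');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Tells apart "server never echoed the nonce" from "client compared
// against a different nonce than the one it sent".
function checkNonce(idToken, expectedNonce) {
  const claims = decodeIdTokenPayload(idToken);
  if (typeof claims.nonce !== 'string' || claims.nonce.length === 0) {
    return { status: 'missing', iss: claims.iss };
  }
  if (claims.nonce !== expectedNonce) {
    return { status: 'mismatch', iss: claims.iss, got: claims.nonce };
  }
  return { status: 'ok', iss: claims.iss };
}

// Constructed sample tokens with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const ISSUER = 'http://localhost:8080/realms/master'; // issuer value quoted in the post
const samples = {
  ok: makeSampleToken({ iss: ISSUER, sub: 'user-1', nonce: 'n-abc123' }),
  missing: makeSampleToken({ iss: ISSUER, sub: 'user-1' }),
  mismatch: makeSampleToken({ iss: ISSUER, sub: 'user-1', nonce: 'n-stale' }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, checkNonce(token, 'n-abc123'));
}
```

A `missing` result points at the authorization server not copying the request's nonce into the ID token, while `mismatch` points at the client comparing against a value other than the one it sent.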
I gave up on angular-oauth2-oidc after days of suffering. With angular-auth-oidc-client it works after 2h :-) They have better documentation and way more examples with different scenarios. I really can recommend it :-)
#Steve Thanks for the hint with the lib angular-auth-oidc-client.
I'm unfamiliar with angular-oauth2-oidc. However, I would recommend angular-auth-oidc-client.
See this branch containing a working sample that uses this client. The sample demonstrates obtaining an access token as a public client as well as authenticating to a backend for frontend application (or BFF, which is the recommended choice) without using any client-side library. We will be presenting a webinar on March 10, 2022 on this topic. You can register here.
You can also check out this sample from SpringOne 2021, which also demonstrates an Angular application utilizing a BFF and retrieving data from a resource server.
Related
I'm fairly new to working with OAuth 2.0, and the place I'm interning asked me to create an app that is runnable from the console and uses the OAuth 2.0 Password grant.
I'm really stumped as to where to start in general. I'd like to write it in either C# or Java.
I'd like the app to run once every 24 hours and, in addition to that, to run it from PowerShell using something like run myProgram.exe
The app needs to use webhooks to call the API.
How do I approach this? I'm using Visual Studio 2019.
What kind of project should I create?
I've tried reading a lot of documentation, and know how to do the most of it on paper, but I found the documentation for the initial steps lacking.
Hope you'll be able to help :) Thanks!
Edit:
I realize the question might have been a little too broad.
Essentially, I'd like to know if I can create a server-side web app, without any UI, only console output, that:
Connects and gets an access token from the authentication server,
Makes the API-calls
Can be converted to a .exe-file.
Hope that clears it up a bit :)
I created a Rails API application that is currently doing its job awesomely, but I realized that it is missing the most important part: a login from the React application and, at the same time, authentication from a Python application I developed that should consume those APIs as well.
Now, looking at the various offerings, it all seems fuzzy, at least from my perspective, and I would like to have advice that is not from 2016 or before but that is current today.
Many solutions on the net were dirtying the main ApplicationController, which didn't make sense to me.
So I thought that a 'modern' way or, let's say, 'a way' is to use Doorkeeper and Devise.
I thought about Doorkeeper because it allows me to have the 'Applications', therefore I can delegate the authentication to applications in the proper way while using the JWT for the SPA application, but honestly I don't know where to start deciding :)
I wanted to share here also the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly, something I found that is still without an answer at the moment is "Setting up DoorKeeper with multiple Rails/React applications?"
Now, can I use Doorkeeper to manage the JWT for the SPA and the applications for the client in Python?
Thanks in advance!
All box.com's APIs read as requiring OAuth 2.0 using only Authorization Token grant types. I have a back end system that needs to upload a file to a box.com system. However, I do not understand how a back end system is supposed to integrate when the authorization flow requires user "approval" to get a token.
Anyone ever done this? I am attempting to integrate a Java Mule app. I attempted to use the components, but they plain do not work at all; they break the entire Anypoint Studio. Now I am trying to utilize the HTTP component to make the call but I am losing my patience with it.
Please help, I am pretty much ready to drop kick this laptop and live in the woods.
Integration with a public online API requires a little study, a little coding, and a little testing. I'm not saying it's easy. Take a look here at a Mule component I've recently created that communicates with Toggl, an online timekeeping service.
https://github.com/ciwise/toggl-api-connector
Your question requires a lot of discussion but it's best answered with example. If Box does not provide a Mule component, you can create one yourself.
The HTTP connector is not going to authenticate or perform any operations at Box for you. The HTTP connector provides the HTTP endpoint (URL entry and browser return). To authenticate your application with Box and call API operations, you'll need to do some work.
This is the high-level recipe for my solution with the Toggl service (example):
Update your Anypoint Studio with Mule Connector DevKit software
Create an Anypoint Connector project in Anypoint Studio (Eclipse)
My connector provides multiple methods to process and these are used with different instances of the component (connector) in my use flow.
My TogglDataAPIHandler.java makes various checks to see if the application (Mule) is authenticated before making calls to the Application Programming Interface (API). The API is provided by Box so that developers (people writing code) can communicate with the service outside of the web browser. There's no simple answer here. You will have to do some coding. My component/connector is only an example of one way to do this (communicate programmatically with the API).
Build and install the connector (component) locally so that we can see it in the Mule Design Palette.
Drag as many of our new component (Anypoint connector) as needed into our flow canvas.
Test the flow.
I hope that helps. Take a look at my Github repo and Mule Connector. There's a wealth of information in anyone's code. But, integration with an API requires code. You can also search the Exchange for a Box connector. If you find one, then your life is simpler. You still need to read this thoroughly:
https://docs.box.com/docs
I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully hand-crafted.
My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. Thinktecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
Have you looked at Thinktecture.IdentityServer v3? I'm using it at the moment and it is very simple to use.
It is still in Beta but RTM will be available soon. It has good documentation and samples too.
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki
Update:
Identity Server 4 is also available. It supports cross-platform deployment with .NET Core.
https://github.com/IdentityServer/IdentityServer4/
Have you looked at the MSDN article by Michele Leroux Bustamante?
It's a little old and based on WCF, but it has code accompanying it.
Building A Custom Security Token Service
If you want ASP.NET based example, Microsoft published this:
ASP.NET Security Token Service Web Site
There's also this STS project on CodePlex.
I'm trying to secure my MVC4 Web Api. Actually, I just really need an identity provider with some light security. My service is similar to twitter, from a security standpoint, there's not a lot of private data, but the service does need to know the userid for the caller.
It's also important to know that the web service will only be consumed by mobile devices right now, although a website may accompany it at some future point.
S.O. and the internet have led me to Thinktecture.IdentityModel, but man it seems complex and I can find exactly zero documentation or samples. I also haven't yet had a pleasant experience with claims-based authentication. I don't have a claims server, token provider, or anything like that, and it seems like you would need that to use this method. This all seems far too heavy for my situation.
I've also read about people implementing their own HMAC solution (https://github.com/cuongle/WebAPI.Hmac) or using OAuth (https://github.com/maksymilian-majer/DevDefined.OAuth) but these also seem a bit complex (I've read that OAuth without the helper class is enough to make the best developers cry, and I'm not the best). Janrain looks like it might work, but it looks like you have to pay for more than 2,500 authenticated users per year ...
What is the best way to implement a simple identity provider and security for Web Api?
Thanks!
I have attempted to answer a similar question to this before, "Create an OAuth 2.0 service provider using DotNetOpenAuth", where I highlighted the Thinktecture Identity Server. The setup instructions are not too difficult (IMHO). The installation video is here and should help a lot.
I have updated my older answer with this too, but there is also a fairly lightweight OAuth 2.0 implementation example here. Sample code here: http://code.google.com/p/codesmith/downloads/detail?name=OAuth2.zip&can=2&q=#makechanges
Have you also read this well articulated question here: "Authenticating requests from mobile (iPhone) app to ASP.Net Web API (Feedback requested on my design)"?
Well, security is hard :)
As for Thinktecture.IdentityModel -- this is a token processing library (among other things) that you'd use in your WebAPI application. You'd use this so you don't need to do the logic to accept tokens (basic auth, SAML, SWT, JWT). Claims are just a side-effect.
If you're looking for an identity provider, then the sister open source project Thinktecture.IdentityServer is in beta for version 2. It's an identity provider that supports a custom database and issues tokens. The project URL is:
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
In response to the problem of finding example code as documentation, consider the samples folder in the Thinktecture GitHub repo: https://github.com/thinktecture/Thinktecture.IdentityModel.45/tree/master/Samples
(Why do you need more reputation to comment on SO than to answer?)