Comments (6)
I don't think anything has changed in JHipster's OAuth/OIDC implementations since v7. I'm not sure I understand your question. Can you please rephrase it?
from generator-jhipster.
I confirm the bug.
OAuth2 token is not correctly mapped to the spring security authentication without syncUserWithIdp option.
This option is required in ionic blueprint:
https://github.com/jhipster/generator-jhipster-ionic/blob/c4c2a30002fe3fd5f2ef6a6f402dc21fc2d0ba04/.blueprint/generate-sample/templates/samples/reactive-oauth2.jdl#L12
Otherwise this test fails:
https://github.com/jhipster/generator-jhipster-ionic/blob/c4c2a30002fe3fd5f2ef6a6f402dc21fc2d0ba04/generators/ionic/resources/oauth2/cypress/e2e/login.cy.ts#L22
from generator-jhipster.
@mshima I couldn't fully understand the bug here, I am willing to contribute to this one. Let me start with what I understand,
- With this PR #24632, the oauth2 option will by default not generate user related code unless one of these is set: generateUserManagement or syncUserWithIdp, or an entity relating to the User built-in entity.
- Currently, irrespective of the 'syncUserWithIdp' feature, the endpoint to return account exists (pulls data from the IDP and constructs userVM). This should go away if 'syncUserWithIdp' is not requested.
Also, on the blueprint side, user related code needs to be conditionally generated based on the 'syncUserWithIdp', which is why ionic blueprint started failing when migrated to v8.4.0.
I can default the 'syncUserWithIdp' similar to nodejs for now until it's implemented.
Please let me know.
from generator-jhipster.
@dwarakaprasad
If syncUserWithIdp is true, this api/account is used:
As stated in the issue description, UserService does not exist without syncUserWithIdp, so this other api/account is used:
UserVM has these attributes:
While User has much more info:
from generator-jhipster.
@mshima This is my point.
By default with OAuth2, only basic claims feed the api/account response via UserVM.
To have other attributes from the IDP (give_name, imageUrl, etc.), we need to pass the extra --sync-user-with-idp parameter option to use the AccountResource_oauth2.java.ejs that calls userService.getUserFromAuthentication() and which of course contains the user sync mechanism.
I couldn't find in the history if there was a reason not to include userService.getUserFromAuthentication() by default and move the syncUserWithIdp condition here:
This is not really a problem for me, we noticed it because we use a blueprint which takes into account the user's avatar when the IDP is Entra ID (via MS Graph endpoint) and this has changed compared to the version v7 of JHipster.
from generator-jhipster.
Entire UserService is implemented for syncUserWithIdp.
It checks and saves current User at each page visit.
So IMO:
- syncUserWithIdp should be done only once per session.
- Account should be retrieved from authentication token even with syncUserWithIdp instead of retrieving from database.
from generator-jhipster.
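The two points proposed in the last comment, sketched as an added example (it is not part of the thread and not JHipster's generated code): the account is always built from the token claims, and the user record is written at most once per session. The class, method and session-attribute names, the in-memory store and the `roles` claim are assumptions; the other claim names are standard OIDC claims.

```java
import java.util.*;

// Added illustration using only the JDK; every name here is hypothetical, not JHipster code.
public class AccountFromTokenSketch {
    record AccountView(String login, String email, String firstName, String imageUrl, Set<String> authorities) {}

    // Stand-in for the persistence layer; counts writes so the effect is visible.
    static class UserStore {
        int writes = 0;
        void upsert(AccountView a) { writes++; }
    }

    static final String SYNCED_FLAG = "userSyncedWithIdp"; // hypothetical session attribute

    // Builds the account from ID-token claims only, with no database read.
    static AccountView fromClaims(Map<String, Object> claims) {
        Set<String> authorities = new TreeSet<>();
        if (claims.get("roles") instanceof Collection<?> c) { // "roles" claim is an assumption
            for (Object r : c) authorities.add(String.valueOf(r));
        }
        return new AccountView((String) claims.get("preferred_username"), (String) claims.get("email"),
            (String) claims.get("given_name"), (String) claims.get("picture"), authorities);
    }

    // Called on every account request: always answers from the token and
    // writes to the store only on the first call of a session.
    static AccountView getAccount(Map<String, Object> claims, Map<String, Object> session,
                                  UserStore store, boolean syncUserWithIdp) {
        AccountView account = fromClaims(claims);
        if (syncUserWithIdp && session.putIfAbsent(SYNCED_FLAG, Boolean.TRUE) == null) {
            store.upsert(account);
        }
        return account;
    }

    public static void main(String[] args) {
        // Constructed sample claims, not taken from a real IdP.
        Map<String, Object> claims = Map.of(
            "preferred_username", "alice", "email", "alice@example.com",
            "given_name", "Alice", "picture", "https://idp.example/avatar/alice.png",
            "roles", List.of("ROLE_USER"));
        Map<String, Object> session = new HashMap<>();
        UserStore store = new UserStore();
        for (int i = 0; i < 3; i++) getAccount(claims, session, store, true);
        System.out.println(getAccount(claims, session, store, true));
        System.out.println("store writes this session: " + store.writes);
    }
}
```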