Comments (6)
mraible
commented on September 24, 2024
I don't think anything has changed in JHipster's OAuth/OIDC implementations since v7. I'm not sure I understand your question. Can you please rephrase it?
from generator-jhipster.
mshima
commented on September 24, 2024
I confirm the bug.
OAuth2 token is not correctly mapped to the spring security authentication without syncUserWithIdp option.
This option is required in ionic blueprint:
https://github.com/jhipster/generator-jhipster-ionic/blob/c4c2a30002fe3fd5f2ef6a6f402dc21fc2d0ba04/.blueprint/generate-sample/templates/samples/reactive-oauth2.jdl#L12
Otherwise this test fails:
https://github.com/jhipster/generator-jhipster-ionic/blob/c4c2a30002fe3fd5f2ef6a6f402dc21fc2d0ba04/generators/ionic/resources/oauth2/cypress/e2e/login.cy.ts#L22
from generator-jhipster.
dwarakaprasad
commented on September 24, 2024
@mshima I couldn't fully understand the bug here, I am willing to contribute to this one. Let me start with what i understand,
-
With this pr #24632, oauth2 option will by default not generate user related code unless one of this is set gnerateUserManagement or syncUserWithIdp or an entity relating to User built in entity.
-
Currently irrespective of the 'syncUserWithIdp' feature, the endpoint to return account exists (pulls data from the IDP and constructs userVM). This should go away if 'syncUserWithIdp' is not requested.
Also, on the blueprint side, user related code needs to be conditionally generated based on the 'syncUserWithIdp', which is why ionic blueprint started failing when migrated to v8.4.0.
I can default the 'syncUserWithIdpP' similar to nodejs for now until its implemented.
Please let me know.
from generator-jhipster.
mshima
commented on September 24, 2024
@dwarakaprasad
If syncUserWithIdp is true, this api/account is used:
As stated in the issue description UserService does not exists without syncUserWithIdp so this other api/account is used:
UserVM has these attributes:
While User has much more info:
from generator-jhipster.
ndywicki
commented on September 24, 2024
@mshima This is my point.
By default with OAuth2, only basic claims feed api/account response via UserVM.
To have other attributs from IDP (give_name, imageUrl, etc), we need pass the extra --sync-user-with-idp parameter option to use the AccountResource_oauth2.java.ejs that call userService.getUserFromAuthentication() and which of course contain the user sync mechanism.
I couldn't find in the history if there was a reason not to include userservice.getUserFromAuthentication() by default and move the syncUserWithIdp condition here:
This is not really a problem for me, we noticed it because we use a blueprint which takes into account the user's avatar when the IDP is Entra ID (via MS Graph endpoint) and this has changed compared to the version v7 of JHipster.
from generator-jhipster.
mshima
commented on September 24, 2024
Entire UserService is implemented for syncUserWithIdp.
It checks and saves current User at each page visit.
So IMO:
syncUserWithIdpshould be done only once per session.- Account should be retrieved from authentication token even with
syncUserWithIdpinstead of retrieving from database.
from generator-jhipster.
Related Issues (20)
- UI Filtering usage in Angular slight Improvement HOT 3
- OAuth2 Gateways are not passing permissions correctly to microservices.
- ElasticSearch Sort not active by default HOT 5
- Duplicate - please delete it HOT 1
- The requested module 'node:events' does not provide an export named 'addAbortListener' HOT 1
- Schema validation failing because of mismatch column type for BLOB HOT 1
- Cannot see the sources in the browser inspection
- annotation-based options not working HOT 1
- H2 database(in memory) console can not login. HOT 3
- Can't sign in with those default accounts HOT 1
- it's time to make helm, postgresql and redis update to latest version HOT 3
- Liquibase: Update entity constraint changelog producing wrong baseColumnName for ManyToMany relationships
- Simplify QueryService
- Release generator-jhipster 8.7.0 HOT 6
- regrading bug reports HOT 3
- Java Service compilation issue when using ServicesClass with entitySuffix and Elasticsearch HOT 5
- Add eslint auto fix for client frameworks.
- JHipster 8.6.0 behind a corporate proxy HOT 1
- Vue is not updating past v3.4.21
- org.postgresql.util.PSQLException: FATAL: role "jhipster" does not exist HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from generator-jhipster.