Comments (9)
jameskleeh
commented on June 25, 2024
It's not clear to me what you're trying to do
from micronaut-security.
juliuskrah
commented on June 25, 2024
I want to be able to validate Oauth2 Jwt tokens in a stateless manner using the JWK_Set Url for public key validation. Similar to what Spring Security 5 does for Oauth2 resource server.
What I have done now is use a filter to validate all Jwt Bearer tokens in the Authorization header.
At the moment Micronaut Security Oauth2/OIDC support is stateful using a cookie mechanism.
from micronaut-security.
jameskleeh
commented on June 25, 2024
@juliuskrah That is already being done. The token returned by OpenID providers is validated against their key set URL. The only thing that is stateful is the storage of state/nonce so that it can be validated after the redirect.
from micronaut-security.
juliuskrah
commented on June 25, 2024
I’m aware of this. In a Microservice architecture only one service, usually the UI will handle the Login (Authorization Code Flow), other services will deal with just the Bearer Tokens.
These tokens must be validated.
Micronaut puts these tokens in the cookie which I cannot validate in the Authorization flow.
In my case one Micronaut service works with Auth Code flow with tokens created by Micronaut stored cokies. This service communicates with another Micronaut app by sending the original Jwt from the Identity Provider in the header.
The second service (resource server) must validate the Jwt against the identity provider (no need for another login via Auth flow). This is the portion that’s missing, the verification with the public key.
I hope this clarifies stuff
from micronaut-security.
jameskleeh
commented on June 25, 2024
Micronaut puts these tokens in the cookie which I cannot validate in the Authorization flow.
That is only the case if you have configured it to do so. That is not the default. You can enable the keys controller in the authorization service and have the other services use that
https://micronaut-projects.github.io/micronaut-security/1.2.x/guide/#keys
https://micronaut-projects.github.io/micronaut-security/1.2.x/guide/#jwks
from micronaut-security.
juliuskrah
commented on June 25, 2024
I will look at this and revert
from micronaut-security.
juliuskrah
commented on June 25, 2024
@jameskleeh this works. I used
micronaut:
security:
enabled: true
token:
jwt:
enabled: true
signatures:
jwks:
keycloak:
url: 'https://<domain>:<port>/auth/realms/<realm>/protocol/openid-connect/certs'I wasn't interested in the keys endpoint.
Question: Any suggestion on how to customize the getName() to use preferred_username instead of Subject?
Question: Also any suggestion on how to extract the roles or scopes to participate in the @Secured({"ROLE_ADMIN", "ROLE_X"}) flow
from micronaut-security.
jameskleeh
commented on June 25, 2024
Please ask questions in Gitter
…On Mon, Sep 23, 2019 at 5:21 PM Julius Krah ***@***.***> wrote:
@jameskleeh <https://github.com/jameskleeh> this works. I used
micronaut:
security:
enabled: true
token:
jwt:
enabled: true
signatures:
jwks:
keycloak:
url: 'https://<domain>:<port>/auth/realms/<realm>/protocol/openid-connect/certs'
I wasn't interested in the keys endpoint.
Question: Any suggestion on how to customize the getName() to use
preferred_username instead of Subject?
Question: Also any suggestion on how to extract the roles or scopes to
participate in the @secured({"ROLE_ADMIN", "ROLE_X"}) flow
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#77?email_source=notifications&email_token=AAMCVLI3AR3YAJ6S6RL63TLQLEXOHA5CNFSM4IWR2QZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7MJ6QA#issuecomment-534290240>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAMCVLOM2IJQVI5SBVXM3DDQLEXOHANCNFSM4IWR2QZA>
.
from micronaut-security.
juliuskrah
commented on June 25, 2024
Copy that
from micronaut-security.
Related Issues (20)
- Token Propagation and OpenID "azp" claim validation issues HOT 3
- Unable to login via a form HOT 2
- Micronaut 4 non-documented breaking changes
- Micronaut 4 upgrade document does not mention about the breaking changes of Micronaut Security HOT 2
- custom role claims in Id/Access tokens are missing in Micronaut generated JWTs HOT 3
- security-processor module HOT 2
- Non-reactive TokenValidator HOT 4
- Update JWT Authentication guide to don't use deprecated APIs HOT 1
- OAuth2 flow Authorization Token is duplicated when Retry occurs with Rxjava HOT 9
- Add locale and host to Micronaut security events
- Docs: Token Propagation requires io.micrometer:context-propagation HOT 1
- ReadTimeoutException loading JWK causing exponential resource consumption since 4.5.0 HOT 9
- `file:` prefix is not working for static jwks configurations
- JwksSignature error when used from HttpServerFilter HOT 3
- Session based authentication doesn't work with Micronaut framework version 4.3.8 or later HOT 3
- Since Micronaut Security 4.6.8 route match is randomly null in the SecurityFilter HOT 32
- Micronaut 4.x.x ResponseClosedException happend at OAuth 2.0 HOT 1
- Cusom Secured-based annotations don't work HOT 4
- Multiple @CreatedBy does not register authenticated user in database
- Reative implementation of validation with remote JWKS fetch keys on every validations HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from micronaut-security.