oktadev / okta-spring-webflux-react-example

This project forked from joshlong-attic/matt-and-josh-react-reactively


Reactive Spring WebFlux API + Real-time React

Home Page: https://developer.okta.com/blog/2018/09/25/spring-webflux-websockets-react

License: Apache License 2.0

HTML 72.21% Shell 0.27% Java 17.82% CSS 0.45% TypeScript 9.25%
reactive spring-boot spring-webflux react reactjs oidc authentication

okta-spring-webflux-react-example's Introduction

Reactive Spring WebFlux API + Real-time React

This example shows how to build a Reactive Spring WebFlux API, secure it with OIDC, then add real-time capabilities to a React client.

Please read Build Reactive APIs with Spring WebFlux to see how this API was created. To see how to build the React app and integrate WebSockets, see Full Stack Reactive with Spring WebFlux, WebSockets, and React.

Prerequisites: Java 8, Maven, and an Okta Developer Account.

Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage, and secure users and roles in any application.

Getting Started

Clone this application to your local hard drive using Git.

git clone https://github.com/oktadeveloper/okta-spring-webflux-react-example.git webflux-api-example

To get both the Spring WebFlux API and the React app, you can check out the react-app branch.

git clone -b react-app https://github.com/oktadeveloper/okta-spring-webflux-react-example.git full-stack-reactive

You will need to create an OIDC Application in Okta to get your settings to log in.

  1. Log in to your developer account on developer.okta.com.
  2. Navigate to Applications and click on Add Application.
  3. Select Web and click Next.
  4. Give the application a name (e.g., Spring WebFlux API) and add the following as Login redirect URIs:
    • http://localhost:8080/login/oauth2/code/okta
    • http://localhost:3000/implicit/callback
    • https://oidcdebugger.com/debug
  5. Click Done, then edit the project and enable "Implicit (Hybrid)" as a grant type (allow ID and access tokens) and click Save.

Copy the settings from your OIDC app into reactive-web/src/main/resources/application.yml:

oidc:
  issuer-uri: https://{yourOktaDomain}/oauth2/default
  client-id: {clientId}
  client-secret: {clientSecret}

spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            issuer-uri: ${oidc.issuer-uri}
        registration:
          okta:
            client-id: ${oidc.client-id}
            client-secret: ${oidc.client-secret}
            scope: openid, email, profile
      resourceserver:
        jwt:
          issuer-uri: ${oidc.issuer-uri}

After making these changes, you should be able to start the app (using ./mvnw in the reactive-web directory), navigate to http://localhost:8080/profiles and log in with your Okta credentials.

If you'd like to run the React client (and you've checked out the react-app branch), you'll need to modify react-app/src/App.tsx to specify your Okta settings.

const config = {
  issuer: 'https://{yourOktaDomain}/oauth2/default',
  redirect_uri: window.location.origin + '/implicit/callback',
  client_id: '{clientId}'
};

You can start the React app by running the following commands (in the react-app directory):

npm install
npm start

Links

This example uses the following open source libraries:

Help

Please post any questions as comments on the blog post, or visit our Okta Developer Forums. You can also email [email protected] if you'd like to create a support ticket.

License

Apache 2.0, see LICENSE.

okta-spring-webflux-react-example's People

Contributors

imgbot[bot], joshlong, mraible, rwinch


okta-spring-webflux-react-example's Issues

WebSocket security (auth header)

Would it be possible to use HttpSessionHandshakeInterceptor to get the auth headers?

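import org.springframework.context.annotation.Configuration;
import org.springframework.web.socket.config.annotation.EnableWebSocket;
import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
import org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor;

@Configuration
@EnableWebSocket
public class WebSocketConfig implements WebSocketConfigurer {

    @Override
    public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
        // MyHandler is the poster's own WebSocketHandler implementation
        registry.addHandler(new MyHandler(), "/myHandler")
            .addInterceptors(new HttpSessionHandshakeInterceptor());
    }

}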

Access Token only works for ~20 seconds

Steps to reproduce:

Clone the project and its react-app branch:

git clone -b react-app https://github.com/oktadeveloper/okta-spring-webflux-react-example.git full-stack-reactive

You will need to create an OIDC Application in Okta to get your settings to log in.

  1. Log in to your developer account on developer.okta.com.
  2. Navigate to Applications and click on Add Application.
  3. Select Web and click Next.
  4. Give the application a name (e.g., Spring WebFlux API) and add the following as Login redirect URIs:
    • http://localhost:8080/login/oauth2/code/okta
    • http://localhost:3000/implicit/callback
    • https://oidcdebugger.com/debug
  5. Click Done, then edit the project and enable "Implicit (Hybrid)" as a grant type (allow ID and access tokens) and click Save.

Copy the settings from your OIDC app into reactive-web/src/main/resources/application.yml:

oidc:
  issuer-uri: https://{yourOktaDomain}/oauth2/default
  client-id: {clientId}
  client-secret: {clientSecret}

spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            issuer-uri: ${oidc.issuer-uri}
        registration:
          okta:
            client-id: ${oidc.client-id}
            client-secret: ${oidc.client-secret}
            scope: openid, email, profile
      resourceserver:
        jwt:
          issuer-uri: ${oidc.issuer-uri}

Use https://oidcdebugger.com/ to create an access token and paste it into react-app/create-stream.sh.

Start the reactive-web project using ./mvnw spring-boot:run and run ./create-stream.sh. You'll see it works for around 20 seconds, then it starts failing with an error like the following:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: 0
Pragma: no-cache
Referrer-Policy: no-referrer
WWW-Authenticate: Bearer error="invalid_token", error_description="This iss claim is not equal to the configured issuer", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
content-length: 0

If you restart the Spring Boot app and try again, it'll work, but only for around 20 seconds or so.
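The 401 response in the report above names the `iss` claim, so a useful first check is to read the `iss` and `exp` a pasted access token actually carries and compare them with the `issuer-uri` from application.yml. The following is an added example, not part of the issue report or the project's code; the domain, function names and sample tokens are constructed, and decoding here does not verify the signature.

```typescript
// Added example: read the iss and exp claims of a bearer token for diagnosis.
// Decoding does NOT verify the signature; the resource server still does that.
interface Claims { iss?: string; exp?: number; [k: string]: unknown }

// base64url -> UTF-8 text (atob and TextDecoder are globals in browsers and Node 16+).
function b64urlDecode(part: string): string {
  let b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  const bin = atob(b64);
  const bytes = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  return new TextDecoder().decode(bytes);
}

function decodeClaims(token: string): Claims {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(b64urlDecode(parts[1])) as Claims;
}

// Returns the problems found; an empty list means iss and exp match expectations.
function diagnoseToken(token: string, configuredIssuer: string, nowSec: number): string[] {
  const claims = decodeClaims(token);
  const problems: string[] = [];
  if (claims.iss !== configuredIssuer) {
    problems.push(`iss mismatch: token=${claims.iss} configured=${configuredIssuer}`);
  }
  if (typeof claims.exp !== 'number') {
    problems.push('exp claim missing');
  } else if (claims.exp <= nowSec) {
    problems.push(`expired ${nowSec - claims.exp}s ago`);
  }
  return problems;
}

// Constructed sample tokens: placeholder domain, placeholder signature.
function makeSample(claims: Claims): string {
  const enc = (o: object): string =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}

const ISSUER = 'https://dev-000000.example.com/oauth2/default'; // stands in for oidc.issuer-uri
const NOW = 1700000000; // fixed clock so the output is reproducible
const good = makeSample({ iss: ISSUER, exp: NOW + 3600 });
const otherIssuer = makeSample({ iss: 'https://dev-000000.example.com', exp: NOW + 3600 });
const stale = makeSample({ iss: ISSUER, exp: NOW - 30 });

console.log(diagnoseToken(good, ISSUER, NOW));
console.log(diagnoseToken(otherIssuer, ISSUER, NOW));
console.log(diagnoseToken(stale, ISSUER, NOW));
```

Against a real token, pass the value of `oidc.issuer-uri` as `configuredIssuer` and `Math.floor(Date.now() / 1000)` as `nowSec`; the comparison is an exact string match, so a trailing slash or a different authorization-server path is reported as a mismatch.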

WebSockets no longer work after adding security

Steps to reproduce:

git clone git@github.com:oktadeveloper/okta-spring-webflux-react-example.git demo
cd demo
git checkout spring-boot-2.1.5-update
cd reactive-web
SPRING_PROFILES_ACTIVE=demo ./mvnw spring-boot:run

Then in another terminal window, start the client:

cd demo/react-app
npm start

When you hit http://localhost:3000, you'll be prompted to log in. Enter your credentials and you'll be redirected back to the app and the following error will occur.

2019-05-24 14:06:09.139 ERROR 90575 --- [ctor-http-nio-7] r.n.http.server.HttpServerOperations     : [id: 0x4014897b, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:57467] Error finishing response. Closing connection

java.lang.IllegalStateException: Status and headers already sent
	at reactor.netty.http.server.HttpServerOperations.addCookie(HttpServerOperations.java:174) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at org.springframework.http.server.reactive.ReactorServerHttpResponse.applyCookies(ReactorServerHttpResponse.java:114) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
	at org.springframework.http.server.reactive.AbstractServerHttpResponse.lambda$null$8(AbstractServerHttpResponse.java:231) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
	at reactor.core.publisher.MonoRunnable.subscribe(MonoRunnable.java:49) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoCallableOnAssembly.subscribe(MonoCallableOnAssembly.java:82) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.Mono.subscribe(Mono.java:3710) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.FluxConcatIterable$ConcatIterableSubscriber.onComplete(FluxConcatIterable.java:146) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.FluxConcatIterable.subscribe(FluxConcatIterable.java:60) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.FluxOnAssembly.subscribe(FluxOnAssembly.java:122) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoIgnoreElements.subscribe(MonoIgnoreElements.java:37) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoOnAssembly.subscribe(MonoOnAssembly.java:61) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoOnAssembly.subscribe(MonoOnAssembly.java:61) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoIgnoreThen$ThenIgnoreMain.drain(MonoIgnoreThen.java:153) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:56) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoOnAssembly.subscribe(MonoOnAssembly.java:56) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoPeekFuseable.subscribe(MonoPeekFuseable.java:70) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoOnAssembly.subscribe(MonoOnAssembly.java:56) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoPeekTerminal.subscribe(MonoPeekTerminal.java:61) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.core.publisher.MonoOnAssembly.subscribe(MonoOnAssembly.java:61) ~[reactor-core-3.2.9.RELEASE.jar:3.2.9.RELEASE]
	at reactor.netty.http.server.HttpServerHandle.onStateChange(HttpServerHandle.java:64) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at reactor.netty.tcp.TcpServerBind$ChildObserver.onStateChange(TcpServerBind.java:226) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:442) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:91) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:161) ~[reactor-netty-0.8.8.RELEASE.jar:0.8.8.RELEASE]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:438) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323) ~[netty-codec-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:297) ~[netty-codec-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:253) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:617) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:534) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) ~[netty-transport-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906) ~[netty-common-4.1.36.Final.jar:4.1.36.Final]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.36.Final.jar:4.1.36.Final]
	at java.base/java.lang.Thread.run(Thread.java:835) ~[na:na]
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Assembly trace from producer [reactor.core.publisher.MonoRunnable] :
	reactor.core.publisher.Mono.fromRunnable(Mono.java:488)
	org.springframework.http.server.reactive.AbstractServerHttpResponse.lambda$doCommit$9(AbstractServerHttpResponse.java:228)
Error has been observed by the following operator(s):
	|_	Mono.fromRunnable ⇢ org.springframework.http.server.reactive.AbstractServerHttpResponse.lambda$doCommit$9(AbstractServerHttpResponse.java:228)
	|_	Flux.concat ⇢ org.springframework.http.server.reactive.AbstractServerHttpResponse.doCommit(AbstractServerHttpResponse.java:242)
	|_	Flux.then ⇢ org.springframework.http.server.reactive.AbstractServerHttpResponse.doCommit(AbstractServerHttpResponse.java:242)
	|_	Mono.defer ⇢ org.springframework.web.server.adapter.HttpWebHandlerAdapter.handle(HttpWebHandlerAdapter.java:238)
	|_	Mono.then ⇢ org.springframework.web.server.adapter.HttpWebHandlerAdapter.handle(HttpWebHandlerAdapter.java:238)
	|_	Mono.doOnError ⇢ org.springframework.http.server.reactive.ReactorHttpHandlerAdapter.apply(ReactorHttpHandlerAdapter.java:66)
	|_	Mono.doOnSuccess ⇢ org.springframework.http.server.reactive.ReactorHttpHandlerAdapter.apply(ReactorHttpHandlerAdapter.java:67)

This seems to cause an issue on the whole server's config because when you run create-stream.sh, records are created, but nothing shows up in the browser.

posting #1
HTTP/1.1 201 Created
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json;charset=UTF-8
Expires: 0
Location: /profiles/5ce85013aa9cf962af8f34fa
Pragma: no-cache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
content-length: 0

new subscription yields old events

Hi @mraible, hi @joshlong

I just watched your spring.io talk (which I really liked) and played a bit with your example.

It seems that when I create a new profile and then subscribe to the event stream I still see the previously created profiles. I think this is undesired/unexpected. How can I avoid that?

In my application I solved that by creating hot fluxes manually, however I like your approach with the Consumer and Application events much better.
