JWT Authentication is not implemented in Oasp4j Archetype 2.6.0 #649
Comments
@hohwille that's what I meant in the call yesterday, although I was not correct with the missing module. @jdiazgon said the security module was missing. But anyhow, the issue here is more that the JWT authentication implemented, we can connect with Angular APPs to the server, but not with Ionic APPs. @sjimenez77 should know more about it. Can you elaborate on what the issue here is? It would most probably be better to provide a fix for the oasp4j implementation to make the server work with different clients out of the box.
First of all, I agree that such cross-cutting functionality as a JWT-login should be available as a module. Ideally in spring(-security) itself and otherwise, if not possible, as an oasp4j module.
we would of course need to rework here. My first check would be to see if some spring module already offers such a feature. Further, from my experience you cannot get JWT auth with zero config. The best practice is to use asymmetric encryption for signature (RSA 4096). Therefore you would need to configure a public key, which leads to the next point: Second, we should discuss if that stuff is enabled by default in a regular OASP4J app.
Indeed hackish. We IMHO need to create a new module/approach. How about:
From
You get these classes:
Still a little low-level (you have to provide signer manually, etc.) but therefore flexible. Ideally you could however configure algorithm (RSA, ECDSA, etc.) simply in
I am totally fine to not have it as part of the Archetype, but we should at least have some support here. Maybe also a HowTo to guide developers. We will have a look into the spring-security modules available. Thanks for the pointers.
So IMHO we should use
Currently, the new OASP4J archetype 2.6.0 does not implement JWT authentication properly. My objective is being able to login with an Ionic application (phone app) just by using the OASP4J archetype. Right now, this is not possible by default. For doing so, I had to do a workaround by adding a bunch of files that you will see below:
These files are actually used in the MyThaiStar app.
It would be really nice if this functionality was added for the next release, because we should support a wider range of authentication methods.
What do you think @maybeec and @sjimenez77 ?