Convert JHipster from JWT Authentication to OAuth 2.0 / OIDC Authentication in 10 Minutes

  • Published on Jan 12, 2025

Comments • 20

  • @timothystone 2 years ago

    This is great! Matt, you need to do a video of JHipster with MS Azure AD OAuth2. That would be awesome. There is little good documentation.

  • @floweer2314 2 years ago

    I am working on an online training website, and as users I have an admin, a coach, a registrant to the course and a student. For the JDL, how can I integrate these different users? Is it with an inheritance relationship or by doing 2 entities, user and role?

  • @nicoflaig6749 4 years ago

    A lot of the real-world SSO use cases require integrating with an existing identity provider such as Azure AD. Most of the time you will not have access to those systems to manage users, but instead you need to maintain a user on the service provider side (in your case JHipster) which maps to the user of the identity provider. How would the permissions of the user be managed in that case if user management is disabled once you use single sign-on? Or is it possible to create a role mapping which maps the roles of the identity provider to roles of the service provider?

    • @bdemers 4 years ago

      Nico, there are a few ways to do this: you could use OAuth scopes, or another type of group mapping (for example, with Okta and a few other IdPs you could add your user's groups to a "claim" and map them into Spring Security).
      This post / video has a few more details on scopes: developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc

    • @nicoflaig6749 4 years ago

      Thanks for the reply, I will take a look at it, but I am still wondering if it is sufficient in a lot of cases to only maintain the users on the IdP side. I think even OpenID Connect generally recommends using a local user on the service provider side which maps to the IdP user. Is there any way to do this with JHipster?

    • @bdemers 4 years ago

      @nicoflaig6749 I cannot answer the JHipster-specific part, but in general yes, you could use the user's id (use the `uid` or `sub` claim value as the identifier, as this wouldn't change like an email address could if someone changed their name) on the Spring side as your primary key.
      You could also store information about the user with Okta (we have a custom attributes feature). But storing that information with Okta, or storing it in your application, is up to you.

    • @mraible 4 years ago

      @nicoflaig6749 JHipster already does this for you. When you log in, it will save the user's information into the jhi_user table. It's meant to be a snapshot of the user's data so you can create relationships with it.
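As an added illustration of the claim-to-role mapping bdemers suggests above (example code written for this page, not from the video or from JHipster's own generated SecurityConfiguration): a Spring Security `GrantedAuthoritiesMapper` bean that reads a group list from a token claim and maps only allow-listed IdP group names onto application roles. The claim name `groups` and the group names are assumptions; Okta and Keycloak let you choose what the claim is called.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

// Maps IdP group names carried in a token claim onto application roles.
// Illustrative only: the claim name and the group names are assumptions.
@Configuration
public class GroupClaimAuthoritiesConfig {
    // Hypothetical claim name; the IdP must be configured to emit it in the ID token or userinfo.
    static final String GROUPS_CLAIM = "groups";

    // Explicit allow-list: IdP group -> application role. Unknown groups are ignored,
    // so a group created on the IdP side never silently grants a role in this app.
    static final Map<String, String> GROUP_TO_ROLE = Map.of(
        "jhipster-admins", "ROLE_ADMIN",
        "jhipster-users", "ROLE_USER");

    // Pure function over the claims map, so it can be unit-tested without Spring.
    static Set<GrantedAuthority> rolesFromClaims(Map<String, Object> claims) {
        Set<GrantedAuthority> roles = new HashSet<>();
        Object groups = claims.get(GROUPS_CLAIM);
        if (groups instanceof Collection<?> names) {   // a missing or non-list claim yields no roles
            for (Object name : names) {
                String role = GROUP_TO_ROLE.get(String.valueOf(name));
                if (role != null) {
                    roles.add(new SimpleGrantedAuthority(role));
                }
            }
        }
        return roles;
    }

    // Spring Security's OAuth2 login applies this bean after a successful login.
    // OidcUserAuthority extends OAuth2UserAuthority, so one branch covers OIDC and plain OAuth2.
    @Bean
    public GrantedAuthoritiesMapper userAuthoritiesMapper() {
        return authorities -> {
            Set<GrantedAuthority> mapped = new HashSet<>();
            for (GrantedAuthority authority : authorities) {
                if (authority instanceof OAuth2UserAuthority oauth2) {
                    mapped.addAll(rolesFromClaims(oauth2.getAttributes()));
                }
            }
            return mapped;
        };
    }
}
```

A user whose token carries no allow-listed group ends up with no ROLE_* authority and is denied by the usual `hasAuthority` checks, which is the safe default when the IdP and the application disagree.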

  • @stefanr6441 4 years ago

    Hi Matt, after switching from JWT to OAuth2, I got the following compilation errors: "...jwt/TokenProvider.java package io.jsonwebtoken (+io + security) does not exist".
    My steps:
    1. Build with default JWT auth to check if everything is OK --> OK, JHipster is running.
    2. Change authenticationType to "oauth" in .yo-rc.json.
    3. Run jhipster --with-entities --> no errors.
    4. mvnw --> errors (see above).
    TokenProvider.java is still using io.jsonwebtoken packages. Why isn't it updated?
    Any idea?

    • @mraible 4 years ago

      Between steps 2 and 3, you have to run "rm -rf *" in your project's directory. Or you can just delete all the files, except for .jhipster and .yo-rc.json.

    • @stefanr6441 4 years ago

      @mraible thank you very much!

  • @srigold 5 years ago

    My application will be launched from a Salesforce application, or imagine I have OAuth for my login access but my REST endpoints use a different secret key, and I need a refresh token to access all my endpoints from different servers from my service calls and include it in my HTTPClient. Please let me know how to do it. Is there an interceptor I can do differently for my front-end and back-end REST API calls?

    • @mraible 4 years ago

      This sounds pretty complicated. I'd recommend asking your question on Stack Overflow with the "jhipster" tag. That way, more people will see it and might be able to help you.

  • @maksimmuruev423 4 years ago

    Can we just introduce an OAuth-to-JWT bridge microservice and be done with it? Without changes to the existing ones?

    • @mraible 4 years ago

      I don't understand your question. Can you please re-phrase it or explain what you're trying to do?

    • @maksimmuruev423 3 years ago

      @mraible I mean we have a JWT project, but also have a separate service like Keycloak which does social login but produces JWT keys for stateless authentication. Kinda a combination of both... I hope it's a bit more clear.

    • @mraible 3 years ago

      @maksimmuruev423 No, you cannot mix OAuth and JWT authentication in a JHipster microservice architecture. However, you can use OAuth and it'll use JWT for its tokens. The main difference between the OAuth and JWT implementations is that OAuth uses an external provider while the JWT implementation generates its own JWT tokens.

  • @hoarsebees 4 years ago

    Okta dev should supply an oauth endpoint so JHipster can do all of this for you automatically.

    • @mraible 4 years ago

      We have an Okta CLI that'll configure Okta and JHipster for you: github.com/oktadeveloper/okta-cli
      We also recently integrated Okta with Heroku so if you create an OAuth 2.0 app with JHipster and deploy it to Heroku, it'll configure Okta for JHipster.

  • @gbedjidamien5232 4 years ago

    Hi sir, could you help me with JHipster 6.10.0: registering a user with additional information, please?

    • @mraible 4 years ago

      Can you please explain a little more about what you're trying to do? Are you using OAuth 2.0 for authentication or a different mechanism?