search

axway-developer-relations / griffin-app-opensource

The Axway Griffin App goes open source!
19 stars 3 forks source link

Authentication Mechanism - How does that work? #12

Open yozef opened 3 years ago

yozef commented 3 years ago

This open source project has a great structure that I'm still trying to wrap my head around.

I was able to run the API server, set up Axway MBaaS, and able to run the iOS/Android App.

However, I'm having issues understanding how Authentication works. The API backend (surprisingly) doesn't have any login authentication from the /apis/ folder.

The Mobile app opens a website to authenticate from oauth-base-url within tiapp.xml, I also realize that there is support for a few Authentication mechanisms like keycloak which I'm not familiar yet with:

let authenticationProvider;

const public_key = fs.readFileSync(`./keys/${turbo.OAUTH_PROVIDER}.pub`, `utf8`);

if (turbo.OAUTH_PROVIDER === `custom_oauth`) {

    authenticationProvider = AuthenticationOAuthProvider({
        baseUrl:        Ti.App.Properties.getString(`oauth-base-url`),
        tokenPath:      `/oauth/token`,
        defaultHeaders: { apikey: Ti.App.Properties.getString(`oauth-apikey`, ``) },
        client_id:      turbo.oauth_client_id,
        keyfile:        `/keys/${Ti.App.Properties.getString(`oauth-kid`, `default`)}.pub`,
        token:          turbo.app.data.auth_token,
    });

} else if (turbo.OAUTH_PROVIDER === `keycloak`) {

    authenticationProvider = new AuthenticationOAuthProvider(`code`, {
        callback_url: turbo.oauth_callback_url,
        client_id:    turbo.oauth_client_id,
        endpoints:    turbo.oauth_endpoints,
        public_key,
        token:        turbo.app.data.auth_token,
    });
}

turbo.authentication = new Authentication({ provider: authenticationProvider });

However if Axway's MBaaS is the backend DB: 1- Should I manually create the User? (does it happen on the Axway's portal back end?) 2- How would you be able to login from the App if Axway's MBaaS?

brentonhouse commented 3 years ago

Hi @yozef! Thanks for your feedback! The current version of the App and API is setup for OAuth providers such as Red Hat SSO (based on Keycloak). The Axway MBaaS does not currently support OAuth but you could probably get it to work with the app and API if you wrote a custom provider. The employee object in the database does need to exist prior to authentication but a feature to support auto-creation will be added in the next release of the Griffin API.