Disable JWT

[DamnClin]

Following discussions with @pascalgrimaud we think it may be a good idea to disable all JWT related integrations. Reasons are:

• The integration is far from done (not getting users from database, etc);
• We (@pascalgrimaud and @DamnClin) have no use for this integration for now (we are using IDP on all our projects) so our integration will probably be really bad;
• It's a lot of work to make it work so we need a use case!

By disable we are thinking to:

• Remove buttons in the legacy UI;
• Update CI to depend less on those;
• Delete endpoints;
• Move related to specific folders for further usage (or deletion).

Any though on that?

[pascalgrimaud]

Just hold on a little bit. I need time to think more as JWT is used with basic auth by Angular and React

[DamnClin]

Yep, it's used but we can't really say it's working. For Angular (haven't tried on react, just did the migration) you have no message at all when your authentication fails and when it succeed the screen is bugged (not displaying username).

Of course, we can spend time fixing that and make the whole thing work (since it's not getting users from database right now) BUT this is worth it only if we are convinced that this authentication scheme is really used. From what we see from our usages (or at entando, as an example) this kind of authentication is not used at all.

For me, deleting all JWT authentication is the best think to do right now to be able to move on to what we want to build here: an easy to use, easy to contribute, tool to bootstrap healthy applications.

This is a hard decision for me since I have spent hours trying to make my head around that part but it but it must harder for you who spend days making that work.

Just beware of the Sunken Cost fallacy here. Yes, we are gonna "loose" (we'll still have it in git) lots of code BUT I'm really convinced that it is the best way to move on, to get rid of Project and to be able to build working applications.

[DamnClin]

Migrations depending on that decision:

• angular-jwt
• liquibase-user-and-authority-changelogs
• springboot-jwt
• springboot-jwt-basic-auth
• react-jwt
• flyway-user-and-authority-changelogs
• user-and-authority-entities-postgresql
• user-and-authority-entities-mysql
• user-and-authority-entities-mariadb

[pascalgrimaud]

No, for now, only: angular-jwt springboot-jwt springboot-jwt-basic-auth react-jwt

The other module create user and authority tables but there is no link to JWT as it's used only with basic auth for now

[DamnClin]

I disagree, these user related module have no other use than JWT authentication since they are creating a database model to authenticate users. Modules to create users not related to authentication (to have business specific users information) may exists but those one are only for authentication from what I see

[DamnClin]

Forgot about another use: having an example.

For this we can add example based on the new dummy application business (so beers), this way, JHLite users won't be confused with a double and misaligned users management