Closed pascalgrimaud closed 2 years ago
Of course, I can do it!
I have tested several IDP providers (Okta, Auth0), it works fine with swagger-ui. The angular app is specific to the Keycloak provider, see this angular service for more details.
To use Okta or Auth0 instead of Keycloak, follow the configuration steps below:

Configure JHipster-lite Application to use Okta as OIDC Provider

In your application, modify src/main/resources/config/application.properties to use your Okta settings:

application.security.oauth2.audience=account,api://default
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_okta_domain}.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret={your_client_secret}
springdoc.swagger-ui.oauth.client-id={your_client_id}
springdoc.swagger-ui.oauth.realm=jhipster
springdoc.swagger-ui.oauth.scopes=openid,profile,email
springdoc.oauth2.authorization-url=https://{your_okta_domain}.okta.com/oauth2/default/v1/authorize?nonce=\"jhipster\"

Configure JHipster-lite Application to use Auth0 as OIDC Provider

In your application, modify src/main/resources/config/application.properties to use your Auth0 settings:

application.security.oauth2.audience=account,api://default,https://{your_auth0_domain}.us.auth0.com/api/v2/
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_auth0_domain}.us.auth0.com/
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret={your_client_secret}
springdoc.swagger-ui.oauth.client-id={your_client_id}
springdoc.swagger-ui.oauth.realm=jhipster
springdoc.oauth2.authorization-url=https://{your_auth0_domain}.us.auth0.com/authorize?audience=https://{your_auth0_domain}.us.auth0.com/api/v2/
Great! I think it is a good idea to make a module for that (just doing the configuration updates). Can you take it?
We need to keep in mind that the secrets should not be committed, so here are some ideas. For example, for Okta:
- application-okta.properties with these values (without the secret)
- okta.sh, which contains some export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_etc...
- okta.sh in .gitignore so it won't be committed

cc @mraible as I think you can be interested in this ticket
I'd recommend using environment variables and GitHub secrets to store the client secret. The issuer and client ID are OK in plain text.
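The two comments above describe the same split: the committed application-okta.properties keeps the issuer and client id but leaves the client secret blank, and a gitignored okta.sh (or a CI secret) supplies it through the environment variable that Spring Boot's relaxed binding maps to that property key. The script below is an added example, not code from the JHipster-lite project or from anyone in this thread: it derives the environment-variable name for a property key, generates the export lines an okta.sh would need for every key left blank in the properties file, and checks that no filled-in client secret has slipped into the committed file. The two sample properties files are constructed inline for the demonstration.

```shell
#!/bin/sh
# Added example (not JHipster-lite project code). Assumes Spring Boot's documented
# relaxed-binding rule for environment variables: replace '.' with '_', drop '-',
# uppercase. So spring.security.oauth2.client.registration.oidc.client-secret is
# read from SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENTSECRET.

# Map a Spring property key to its environment-variable name.
spring_env_name() {
  printf '%s' "$1" | tr '.' '_' | tr -d '-' | tr '[:lower:]' '[:upper:]'
}

# Emit one "export NAME=" line for every non-comment key whose value is empty
# in the given properties file: the keys that must come from the environment.
env_template() {
  grep -E '^[[:space:]]*[^#][^=]*=[[:space:]]*$' "$1" |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*=.*$//' |
    while IFS= read -r key; do
      printf 'export %s=\n' "$(spring_env_name "$key")"
    done
}

# Exit 0 if a non-comment client-secret line carries a non-empty value
# (i.e. a secret that is about to be committed), 1 otherwise.
properties_has_secret() {
  grep -Eq '^[[:space:]]*[^#].*client-secret[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Constructed sample files for the demonstration (placeholders, not real credentials).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/ok.properties" <<'EOF'
# committed file: secret intentionally left blank, supplied by okta.sh
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_okta_domain}.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret=
EOF
cat > "$SAMPLE_DIR/leak.properties" <<'EOF'
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_okta_domain}.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret=constructed-secret-value
EOF

# Stand-alone run: show the okta.sh template and flag the file with a secret in it.
echo "# template for the gitignored okta.sh (fill values from your secret store):"
env_template "$SAMPLE_DIR/ok.properties"
for f in "$SAMPLE_DIR/ok.properties" "$SAMPLE_DIR/leak.properties"; do
  if properties_has_secret "$f"; then
    echo "$(basename "$f"): client secret is filled in, do not commit this file"
  else
    echo "$(basename "$f"): no client secret present, safe to commit"
  fi
done
```

properties_has_secret is the kind of check that fits a pre-commit hook or a CI step, so the rule "issuer and client id in plain text, secret only via environment" is enforced rather than remembered.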
It's more a ticket to check if it works well. As I know you already did this for JHipster Registry, can you take care of it @juliensadaoui ?
Then, depending on what you have to customize, it could be a new Okta module
I'm adding a bounty as Okta is one of our sponsors and it's important to check this