jhipster / jhipster-lite

JHipster Lite ⚡ is a development platform to generate, develop & deploy modern web applications & microservices architecture, step by step - using Hexagonal Architecture :gem:
https://lite.jhipster.tech
Apache License 2.0
463 stars, 212 forks

Check and test with Okta configuration #3634

Closed pascalgrimaud closed 2 years ago

pascalgrimaud commented 2 years ago

It's more a ticket to check if it works well. As I know you already did this for JHipster Registry, can you take care of it @juliensadaoui ?

Then, depending on what you have to customize, it could be a new Okta module

I'm adding a bounty as Okta is one of our sponsors and it's important to check this

juliensadaoui commented 2 years ago

Of course, I can do it!

juliensadaoui commented 2 years ago

I have tested several IDP providers (Okta, Auth0), it works fine with swagger-ui. The angular app is specific to the Keycloak provider, see this angular service for more details.

To use Okta or Auth0 instead of Keycloak, follow the configuration steps below:

Configure JHipster-lite Application to use Okta as OIDC Provider

In your application, modify src/main/resources/config/application.properties to use your Okta settings:

application.security.oauth2.audience=account,api://default
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_okta_domain}.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret={your_client_secret}
springdoc.swagger-ui.oauth.client-id={your_client_id}
springdoc.swagger-ui.oauth.realm=jhipster
springdoc.swagger-ui.oauth.scopes=openid,profile,email
springdoc.oauth2.authorization-url=https://{your_okta_domain}.okta.com/oauth2/default/v1/authorize?nonce=\"jhipster\"

Configure JHipster-lite Application to use Auth0 as OIDC Provider

In your application, modify src/main/resources/config/application.properties to use your Auth0 settings:

application.security.oauth2.audience=account,api://default,https://{your_auth0_domain}.us.auth0.com/api/v2/
spring.security.oauth2.client.provider.oidc.issuer-uri=https://{your_auth0_domain}.us.auth0.com/
spring.security.oauth2.client.registration.oidc.client-id={your_client_id}
spring.security.oauth2.client.registration.oidc.client-secret={your_client_secret}
springdoc.swagger-ui.oauth.client-id={your_client_id}
springdoc.swagger-ui.oauth.realm=jhipster
springdoc.oauth2.authorization-url=https://{your_auth0_domain}.us.auth0.com/authorize?audience=https://{your_auth0_domain}.us.auth0.com/api/v2/

DamnClin commented 2 years ago

Great! I think it is a good idea to make module for that (just doing the configuration updates). Can you take it?

pascalgrimaud commented 2 years ago

We need to keep in mind that the secrets should not be committed, so here are some ideas:

For example, for Okta:

cc @mraible as I think you could be interested in this ticket

mraible commented 2 years ago

I'd recommend using environment variables and GitHub secrets to store the client secret. The issuer and client ID are OK in plain text.
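An added example (not part of this issue, nor JHipster Lite's own code) that ties the two threads above together: the Okta/Auth0 property sets posted by @juliensadaoui, and @mraible's recommendation that only the client secret needs to come from the environment. The script parses a `.properties` text offline and flags the things a reviewer would look for before such a configuration is committed: a literal `client-secret` instead of a `${ENV_VAR}` placeholder, `{your_okta_domain}`-style template values that were never filled in, an `authorization-url` that is not under the `issuer-uri` (which is how the `defaul`/`default` typo slips through), non-https endpoints, and a swagger-ui client id that differs from the registration client id. The property keys are the ones from the issue; the sample values, the domain `dev-000000.okta.com` and the finding codes are constructed for this example.

```python
"""Offline sanity check for the Spring Security / springdoc OIDC properties
shown in this issue. Constructed example: the property keys come from the
issue, the sample values and the finding codes are made up here."""
import re
from urllib.parse import urlparse

KEY_ISSUER = "spring.security.oauth2.client.provider.oidc.issuer-uri"
KEY_CLIENT_ID = "spring.security.oauth2.client.registration.oidc.client-id"
KEY_SECRET = "spring.security.oauth2.client.registration.oidc.client-secret"
KEY_SWAGGER_CLIENT_ID = "springdoc.swagger-ui.oauth.client-id"
KEY_AUTHZ_URL = "springdoc.oauth2.authorization-url"

# Spring placeholder resolved from the environment at startup, e.g. ${OIDC_CLIENT_SECRET}.
# No ":default" part is accepted: a default value would put the secret back into the file.
ENV_PLACEHOLDER = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_.]*\}$")
# A {your_okta_domain}-style template value that was never filled in ('${' is not a template).
UNFILLED_TEMPLATE = re.compile(r"(?<!\$)\{[^}]*\}")

_PROP_LINE = re.compile(r"^\s*([^=:\s]+)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text: str) -> dict:
    """Minimal .properties reader: 'key=value' or 'key: value', '#'/'!' comment lines."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        m = _PROP_LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_oidc_config(props: dict) -> list:
    """Return 'code: detail' findings; an empty list means the configuration passed."""
    findings = []

    # Template values copied from documentation and never replaced.
    for key, value in props.items():
        if UNFILLED_TEMPLATE.search(value):
            findings.append(f"unfilled-template: {key} still contains a {{...}} placeholder")

    # The client secret must be injected from the environment, never stored literally.
    secret = props.get(KEY_SECRET, "")
    if secret and not ENV_PLACEHOLDER.match(secret):
        findings.append(f"literal-secret: {KEY_SECRET} should be ${{ENV_VAR}}, not a literal")

    # swagger-ui authenticates as the same registered client.
    if KEY_SWAGGER_CLIENT_ID in props and props.get(KEY_CLIENT_ID) != props[KEY_SWAGGER_CLIENT_ID]:
        findings.append("client-id-mismatch: swagger-ui client-id differs from the registration client-id")

    issuer = props.get(KEY_ISSUER, "")
    authz = props.get(KEY_AUTHZ_URL, "")
    for key, url in ((KEY_ISSUER, issuer), (KEY_AUTHZ_URL, authz)):
        if url and urlparse(url).scheme != "https":
            findings.append(f"not-https: {key} must use https")

    # The swagger authorization endpoint must live under the issuer (same host, issuer path prefix).
    if issuer and authz:
        iss, au = urlparse(issuer), urlparse(authz)
        if iss.netloc != au.netloc:
            findings.append("authz-outside-issuer: authorization-url host differs from issuer-uri host")
        elif not au.path.startswith(iss.path.rstrip("/") + "/"):
            findings.append("authz-outside-issuer: authorization-url path is not under the issuer path")

    return findings


# Constructed sample: literal secret, typo in the authorization path, plain http
# on the swagger authorization URL, and mismatched client ids.
WEAK_CONFIG = """
spring.security.oauth2.client.provider.oidc.issuer-uri=https://dev-000000.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id=0oaExampleClientId
spring.security.oauth2.client.registration.oidc.client-secret=hardcoded-secret-value
springdoc.swagger-ui.oauth.client-id=0oaOtherClientId
springdoc.oauth2.authorization-url=http://dev-000000.okta.com/oauth2/defaul/v1/authorize
"""

# Constructed sample: the same settings after the fixes; the secret is read from the
# OIDC_CLIENT_SECRET environment variable at startup (a GitHub secret in CI).
FIXED_CONFIG = """
spring.security.oauth2.client.provider.oidc.issuer-uri=https://dev-000000.okta.com/oauth2/default
spring.security.oauth2.client.registration.oidc.client-id=0oaExampleClientId
spring.security.oauth2.client.registration.oidc.client-secret=${OIDC_CLIENT_SECRET}
springdoc.swagger-ui.oauth.client-id=0oaExampleClientId
springdoc.oauth2.authorization-url=https://dev-000000.okta.com/oauth2/default/v1/authorize?nonce=\\"jhipster\\"
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        findings = check_oidc_config(parse_properties(text))
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run it as a pre-commit or CI step against `src/main/resources/config/application.properties`; the Auth0 layout from the issue (issuer at the domain root, `/authorize` directly under it) passes the same prefix check, since the issuer path `/` is a prefix of `/authorize`.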