Open colin-riddell opened 2 years ago
For others, just a note to see this answer to the Stack Overflow question specifically. This would be adapting that answer into a guide. Another option for this How-to could be:
Or even:
As I mentioned in the SO answer, this could relate to JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants and #59, which was recently merged! So there may now be better or related answers (though there's probably a better answer regardless :wink:).
How to authenticate a user based on another JWT, e.g. pre-authenticate the user that was authenticated through another (separately hosted) login page. The guide could be called "How to use SAS with existing non-OAuth system + login page" or something?
This would be very useful as there are a lot of systems out there that are built on JWT, but don't provide full OAuth 2.0 flow support. This would allow people to use SAS on top of their non-OAuth system without ripping out the existing system.
Related question and answer: Spring Authorization Server: How to use login form hosted on a separate application?
Ref: https://github.com/spring-projects/spring-authorization-server/issues/499