Skip to content

Implement Google OAuth/OIDC and OneTimeCode#2533

Open
chrisknoll wants to merge 4 commits into
webapi-3.0from
cknoll/google-auth
Open

Implement Google OAuth/OIDC and OneTimeCode#2533
chrisknoll wants to merge 4 commits into
webapi-3.0from
cknoll/google-auth

Conversation

@chrisknoll

Copy link
Copy Markdown
Collaborator

This PR introduces the Google authentication via Spring Security Oauth2, and the One Time Code functionality that is needed to relay the JWT token securely to the browser.

We now infer the callback url from the request (instead of making implementors encode a callback URL) which handles reverse proxy using X- headers, which is handled by Spring. This eliminates a application config variable and a docker environment variable.

This also modifies the existing OIDC login flow to generate the OTC code. Once this PR is in place, the UI will need to be updated to implement a client-side route /#otc?code={uuid} that will then call back to the WebAPI /user/login/otc?code={uuid} that will return the JWT associated with the authenticated user. The OTC works once, and then is revoked, with a TTL of 10 minutes (configurable, by default).

Add migration for OTC tales.
Change session cleanup to fixedDelay.
Added scheduled to OTCService cleanup.
… registration.

Communicate authenticated session/jwt with one-time-code.
Added article describing the One-Time-Codes.
Removed obsolete config settings from application.yaml.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant