open id connect implementation with spring boot and angular
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
add a comment |
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
edited Nov 11 at 2:49
georgeawg
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
edited Nov 11 at 2:49
georgeawg
32.4k104966
edited Nov 11 at 2:49
georgeawg
32.4k104966
edited Nov 11 at 2:49
georgeawg
32.4k104966
32.4k104966
asked Nov 11 at 2:19
Jughead1217
163
asked Nov 11 at 2:19
Jughead1217
163
asked Nov 11 at 2:19
Jughead1217
163
163
add a comment |
add a comment |
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245287%2fopen-id-connect-implementation-with-spring-boot-and-angular%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245287%2fopen-id-connect-implementation-with-spring-boot-and-angular%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
