UAA or non oidc oauth2 in jhipster-control-center - jhipster

Is there a way to configure jhipster-control-center for use with jhipster UAA authentication or non-oidc oauth2 authentication?
I tried setting env parameters on the container for standard oauth2 but I'm unable to log in.

    export SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI="https://{domain}/oauth/token"
    export SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI="https://{domain}/oauth/authorize"
    export SECURITY_OAUTH2_RESOURCE_USER_INFO_URI="https://{domain}/api/account"
    export SECURITY_OAUTH2_CLIENT_CLIENT_ID="{clientId}"
    export SECURITY_OAUTH2_CLIENT_CLIENT_SECRET="{clientSecret}"

Related

JHipster Okta gateway application is not authenticating

I generated a gateway application with JHipster to test oauth2 through Okta for my organization. I didn't make any changes to the code beyond what was recommended in the readme: The client ID and Secret are in the yml, as well as the issuer uri.
It redirects me to Okta. I log in. It redirects back as expected. Then I got an unauthorized error at /login?error. So I tried adding a permitAll for /login/**. This resulted in error 404.
Something in the recommended configuration is not working as expected.
application.yml:

    oauth2:
      client:
        provider:
          oidc:
            issuer-uri: https://dev-[numbers].okta.com/oauth2/default
        registration:
          oidc:
            client-id: {my real client id}
            client-secret: {my client secret}
            scopes:
              - profile
              - email
              - openid
              - customScope

What am I doing wrong?
Could it be the environment variables are not being read?
From .okta.env, but I also added them to the environment variables in the IntelliJ configuration:

    export SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI="https://dev-[number].okta.com/oauth2/default/v1/authorize"
    export SECURITY_OAUTH2_RESOURCE_USER_INFO_URI="https://dev-[number].okta.com/oauth2/default/v1/userinfo"
    export SECURITY_OAUTH2_RESOURCE_TOKEN_INFO_URI="https://dev-[number].okta.com/oauth2/default/v1/introspect"
    export SECURITY_OAUTH2_CLIENT_CLIENT_ID={clientid}
    export SECURITY_OAUTH2_CLIENT_CLIENT_SECRET={clientsecret}

How to define Nestjs dynamic module for Authentication with Passport

I'm trying to create a library to share my auth module between projects. I have 2 params to set in the Strategy (issuer and audience) to configure my project with the right identity server to validate the JWT. I have followed https://dev.to/nestjs/advanced-nestjs-how-to-build-completely-dynamic-nestjs-modules-1370 to implement it, but the registerAsync method doesn't work as expected (it says "Unknown authentication strategy "jwt"" in the console when trying to call an authenticated API). However, the register method works fine. Can someone help me? I share the code with you:
AuthModule
Strategy Provider to register with params from ConfigService
How I use the registerAsync method in app.module.ts

Azure AD Token based Authentication for WebAPI

We have developed a Web API in .NET Core 2.1 without authentication.
But now we are trying to add Azure AD token-based authentication.
We have registered the app in Azure AD, made the necessary changes in the startup.cs file, and added the Authorize tag.
When we test the API in Postman with the generated token, we get the Microsoft login page in HTML format as the result.
When we cross-check the API in a browser, it asks for the domain user name and password; after providing the user name and password we get the result.
It seems some configuration or setting is missing in the Azure AD setup or the code.
Can anyone help with this? Otherwise, can anyone share the steps for implementing token-based authentication for an API?
If you already have the API, you should first register an app in the Azure Portal.
In your API application, you can follow the steps below:
Install the package Microsoft.AspNetCore.Authentication.AzureAD.UI
Register the Azure AD Bearer authentication service in the ConfigureServices function:

    services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
        .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));

In appsettings.json, set the correct API configuration from the Azure Portal:

    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "YourDomain.onmicrosoft.com",
        "TenantId": "cb1c3f2e-a2dd-4fde-bf8f-f75ab18b21ac",
        "ClientId": "83bf146d-4948-4596-a4b3-b7b2e68ac3e0"
    },

The tenant ID, domain name and the API's ClientId can be found in the Azure Portal. Then you can add the Authorize attribute on protected controllers/actions. If you have multiple authentication schemes, you can authorize with a specific scheme.
Your client app will use the OpenID Connect middleware and ADAL/MSAL to obtain a JWT bearer token for the signed-in user using the OAuth 2.0 protocol. The bearer token is passed to the web API, which validates the token and authorizes the user using the JWT bearer authentication middleware.

How to expose a public Microservice without any authentication at all?

I have a public Microservice that I want to expose to the world. When creating a Microservice application we always get the question:

    ? (6/16) Which *type* of authentication would you like to use? (Use arrow keys)
    ❯ JWT authentication (stateless, with a token)
      [BETA] Authentication with JHipster UAA server (the server must be generated separately)

But what about having a "No Authentication" option (like "No" registry or "No database")? This would get rid of a few lines of code and Spring Security configuration.
WDYT?
You can create your custom RestController and set a mapping different from /api/*** because it's only paths prefixed by /api that are secure.

Setting jwt audience in Azure Mobile Apps backend

I am playing with an Azure Mobile Apps backend (nodeJS), as discussed here. I have been using the default web setup configuration to develop my mobile app, but now I want to customise the cloud backend functionality, so I have created a local backend with the Azure-Mobile-Apps SDK.
I logged in with my mobile app (using the authorization aspect of the Azure client SDK) and then captured the AuthToken, using a live managed backend setup.
When I then come to try and authorise a request, I get the following issue:
{ "name": "JsonWebTokenError", "message": "jwt audience invalid. expected: urn:microsoft:windows-azure:zumo" }
Following on from: Locally Testing Azure Mobile Auth - invalid jwt signature
How can I set the jwt audience?
To set the audience and issuer, use the auth:{} object in your azureMobile.js. You can decode the JWT at jwt.io to see what the audience and issuer are, then do:

    // azureMobile.js
    module.exports = {
        auth: {
            audience: '<your audience>',
            issuer: '<your issuer>'
        }
    };

Some good references:
My blog post on Custom Auth
The main configuration reference (which azureMobile.js exports)
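
The answer above reads the audience and issuer by pasting the token into jwt.io; since the captured AuthToken is a working credential, the same two claims can be read locally in Node instead. This is an added example, not code from the original answer or from the Azure Mobile Apps SDK; the function names and the sample token (placeholder issuer and audience, fake signature) are constructed for illustration.

```javascript
// Added example (not from the original answer): read iss/aud from a JWT locally.
// Decoding is NOT verification; the backend still checks the signature.

// Decode one base64url segment of a compact JWT into an object.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error('segment is not base64url');
  }
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the claims that matter for the auth: {} block in azureMobile.js.
function inspectToken(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) {
    throw new Error('expected three dot-separated JWT segments');
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  // "aud" may be one string or an array of strings (RFC 7519, section 4.1.3).
  const audiences = claims.aud === undefined ? [] : [].concat(claims.aud);
  return {
    alg: header.alg,
    issuer: claims.iss,
    audiences,
    expired: typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now(),
  };
}

// True when the token would pass an audience check for `expected`.
function audienceMatches(token, expected) {
  return inspectToken(token).audiences.includes(expected);
}

// Constructed sample token: placeholder issuer/audience, fake signature.
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  encode({ alg: 'HS256', typ: 'JWT' }),
  encode({ iss: 'https://example-app.invalid/', aud: 'https://example-app.invalid/', exp: 4102444800 }),
  'constructed-signature',
].join('.');

const info = inspectToken(SAMPLE_TOKEN);
console.log(info);
// The default audience from the error message on this page does not match:
console.log(audienceMatches(SAMPLE_TOKEN, 'urn:microsoft:windows-azure:zumo'));
```

The `issuer` and the matching entry of `audiences` are the values to put in the `auth` object; a token reported as `expired` has to be captured again before retesting.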
