Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for JHipster #351

Open
mraible opened this issue Sep 5, 2021 · 1 comment
Open

Add support for JHipster #351

mraible opened this issue Sep 5, 2021 · 1 comment
Labels
feature request A feature has been asked for or suggested by the community

Comments

@mraible
Copy link

mraible commented Sep 5, 2021

Describe the problem you'd like to have solved

JHipster is adding Auth0 support in its next release. It'd be cool if the steps to configure a JHipster app on Auth0 was automated by the Auth0 CLI.

Okta's CLI has support for it using okta apps create jhipster. You can see how it was added in okta/okta-cli#3. You can see how it works in https://youtu.be/ThytrcxL31s?t=90.

Describe the ideal solution

auth0 apps create jhipster

Alternatives and current work-arounds

Currently, we (the JHipster team) has the following docs for configuring a JHipster app.

Create an OIDC App using Auth0 Admin Dashboard

  • Create a free developer account at https://auth0.com/signup. After successful sign-up, your account shall be associated with a unique domain like dev-xxx.us.auth0.com
  • Create a new application of type Regular Web Applications. Switch to the Settings tab, and configure your application settings like:
    • Allowed Callback URLs: http://localhost:8080/login/oauth2/code/oidc
    • Allowed Logout URLs: http://localhost:8080/
    • NOTE: If you're using the JHipster Registry, add URLs for port 8761 too.
  • Navigate to User Management > Roles and create new roles named ROLE_ADMIN, and ROLE_USER.
  • Navigate to User Management > Users and create a new user account. Click on the Role tab to assign roles to the newly created user account.
  • Navigate to Auth Pipeline > Rules and create a new Rule. Choose Empty rule template. Provide a meaningful name like JHipster claims and replace Script content with the following and Save.
function (user, context, callback) {
  user.preferred_username = user.email;
  const roles = (context.authorization || {}).roles;

  function prepareCustomClaimKey(claim) {
    return `https://www.jhipster.tech/${claim}`;
  }
  const rolesClaim = prepareCustomClaimKey('roles');
  if (context.idToken) {
    context.idToken[rolesClaim] = roles;
  }
  if (context.accessToken) {
    context.accessToken[rolesClaim] = roles;
  }
  callback(null, user, context);
}

Configure JHipster Application to use Auth0 as OIDC Provider

In your JHipster application, modify src/main/resources/config/application.yml to use your Auth0 settings:

spring:
  ...
  security:
    oauth2:
      client:
        provider:
          oidc:
            # make sure to include the ending slash!
            issuer-uri: https://{your-auth0-domain}/
        registration:
          oidc:
            client-id: {clientId}
            client-secret: {clientSecret}
            scope: openid,profile,email
jhipster:
  ...
  security:
    oauth2:
      audience:
        - https://{your-auth0-domain}/api/v2/

If you have a doubt on the issuer-uri value, then, you can get the value from Applications > {Your Application} > Settings > Advanced Settings > Endpoints > OpenID Configuration. Remove .well-known/openid-configuration suffix since that will be added by the Spring Security.

You can use the default Auth0 Management API audience value from the Applications > API > API Audience field. You can also define your own custom API and use the identifier as the API audience.

Before running Cypress tests, specify Auth0 user details by overriding the CYPRESS_E2E_USERNAME and CYPRESS_E2E_PASSWORD environment variables. Refer to Cypress documentation for more details.

export CYPRESS_E2E_USERNAME=<your-username>
export CYPRESS_E2E_PASSWORD=<your-password>

Note: Auth0 requires a user to provide authorization consent on the first login. Consent flow is currently not handled in the Cypress test suite. To mitigate the issue, you can use a user account that has already granted consent to authorize application access via interactive login.

If you experience authentication issues with Cypress, see this guide for a workaround.

Using Environment Variables

You can also use environment variables to override the defaults. For example:

export SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI="https://{your-auth0-domain}/"
export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID="{client-id}"
export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET="{client-secret}"
export JHIPSTER_SECURITY_OAUTH2_AUDIENCE="https://{your-auth0-domain}/api/v2/"

You can put this in an ~/.auth0.env file and run source ~/.auth0.env to override the default Keycloak settings with Auth0 and start your app with Maven or Gradle. You should be able to sign in with the credentials you registered with.

Note: If you're on Windows, you should install WSL so the source command will work.
@Widcket Widcket added the feature request A feature has been asked for or suggested by the community label Sep 17, 2021
@mraible
Copy link
Author

mraible commented Sep 26, 2023

@deepu105 It looks like we might have to implement this ourselves since it's been marked as "Won't do."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request A feature has been asked for or suggested by the community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mraible @Widcket