open id connect implementation with spring boot and angular
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32k104865
asked Nov 11 at 2:19
Jughead1217
163
add a comment |
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32k104865
asked Nov 11 at 2:19
Jughead1217
163
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32k104865
asked Nov 11 at 2:19
Jughead1217
163
we currently have our application written in Angular6 Front end and spring boot Rest with forgerock(opendj,openam) in the backend.
The way current login works today is Client comes to our website enters his/her credentials and then angular frontend request is routed to spring boot backend rest api which then calls forgerock and authenticates the user and responds with encrypted token which is set as cookie on the frontend and every subsequent call from frontend will include this cookie while making requests to spring boot backend apis.
So,now here is the scenario we need to implement
we have decided to move away with forgerock with an identity provider(not OKTA) and we need to redirect our login to this new Identityprovider with redirecturl along with several other parameters and they do the authentication and redirects back to our side with an authorization token(id_token) along with claims user info. If we use OKTA I came to know that we don't need to redirect and we can refresh our DOM with login page but unfortunately we are not allowed to use okta and have to redirect to this new Identity provider. I know that we have to use implicit flow because we have angular on frontend.
Can someone please help on how to implement this scenario? Here is my guess on implementing this please correct me if I'm wrong.
After the Identity provider authenticates the user we send this to our spring boot rest api and then do another HTTP POST to Identity provider to exchange authorization token for an access token and then encrypt this token back to our frontend and set this as cookie and every subsequent call to back end will use this cookie.
I really appreciate if someone can shed some light on this. Thanks!
angular spring-boot spring-security openid-connect okta
angular spring-boot spring-security openid-connect okta
edited Nov 11 at 2:49
georgeawg
32k104865
asked Nov 11 at 2:19
Jughead1217
163
edited Nov 11 at 2:49
georgeawg
32k104865
asked Nov 11 at 2:19
Jughead1217
163
edited Nov 11 at 2:49
georgeawg
32k104865
edited Nov 11 at 2:49
georgeawg
32k104865
edited Nov 11 at 2:49
georgeawg
32k104865
32k104865
asked Nov 11 at 2:19
Jughead1217
163
asked Nov 11 at 2:19
Jughead1217
163
asked Nov 11 at 2:19
Jughead1217
163
163
add a comment |
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245287%2fopen-id-connect-implementation-with-spring-boot-and-angular%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
