Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GSGGR-156 Add OIDC authentication flow for the geoshop frontend #21

Merged
merged 6 commits into from
Oct 7, 2024

Conversation

lanseg
Copy link
Contributor

@lanseg lanseg commented Sep 23, 2024

This pull request adds initializes an open-id authentication for the geoshop-frontend, but to make it fully working there should be an update on the geoshop-backend side. Here is the frontend flow:

  1. Angular application authenticates user with an OIDC provider and sends access token to the backend
  2. Backend gets user information from the OIDC provider by token, creates new user or update existing
  3. Backend issues refresh and access tokens and returns them to the frontend.
    • Thant makes possible to keep name/password login and token refresh working.

If no OIDC provider is configured, OIDC authentication is disabled (see screenshots).
Frontend without OIDC
Frontend with OIDC

@lanseg lanseg requested review from marionb and danduk82 September 23, 2024 14:34
@lanseg lanseg self-assigned this Sep 23, 2024
@lanseg lanseg requested a review from gberaudo September 24, 2024 07:50
@lanseg lanseg force-pushed the GSGGR-156-frontend-auth branch from bee3e15 to cde43ae Compare September 27, 2024 09:02
@pmauduit pmauduit changed the title GSGGR-156 Add OICD authentication flow for the geoshop frontend GSGGR-156 Add OIDC authentication flow for the geoshop frontend Sep 27, 2024
Copy link
Member

@gberaudo gberaudo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is fine to me to implement OIDC-Connect with a "native" Angular library (angular-auth-oidc-client).

I guess the client configuration will be in another place?

checkOidcToken(token: string): Observable<{ identity: Partial<IIdentity>; callbackUrl: string; }> {
this._getApiUrl();

const url = new URL(`${this.apiUrl}/oidc/token`);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not directly create a string?

Suggested change
const url = new URL(`${this.apiUrl}/oidc/token`);
const url = `${this.apiUrl}/oidc/token`;

@lanseg lanseg requested a review from gberaudo October 7, 2024 07:43
@lanseg lanseg merged commit 56366a3 into master Oct 7, 2024
2 checks passed
@lanseg lanseg deleted the GSGGR-156-frontend-auth branch October 7, 2024 07:43
lanseg pushed a commit that referenced this pull request Dec 2, 2024
* Update Dockerfile

* retrieve docker-compose file from other branch

* wip on docker-compose file

* local init script

* Example docker-composition

* Remove dotenv

* Envvar for ADMIN_USERNAME

* chore: setup docker compose dev environment

* chore: improve fixtures generation to be compatible with initialized DBs

* chore: missing import gettext_lazy import

* chore(Dockerfile): remove /mnt/geoshop_data directory creation

---------

Co-authored-by: Andrea Borghi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants