JHipster using 2 authentication types together - java

Working on a jhipster project and love it. Its fantastic.
I am wondering if its possible to have both session based and x-auth-token or oauth together ?
We want our users to be able to access the the web interface but also call the API from server code.
Thanks

If there any reason not to have web and API access via existing OAuth2 - see an example here: jhipster oauth : How can i get the access_token via CURL

Related

What is the easiest way to authenticate and manage user in springboot angular8 webapp?

i am doing a website frontend angular 8, backend springboot, maven, hibernate, and mysql db. I am very principiant in authenticate and manage login, users and roles in front end for pages and backend i saw it jwt toutorial or oauth2 but i have not found any toutorial that worked for me. I really appreciate if someone can suggest me a easiest way or link me some tutorial. If you can help me i could need some explanation about what i need in front end with angular and backend with springboot.
Thanks for helps
update...
mt jwt code is the same of this guide
https://dzone.com/articles/spring-boot-security-json-web-tokenjwt-hello-world
but i can't understand what i need inside JwtUserDetail cause is not present in there... some one knows what i need there?
JWT is a great option. Instead of trying to start from scratch, i think the easiest way is to try JHipster. It's a code generation tool that you can download, and use to generate a starter project, with the stack you require (Angular frontend, Spring Boot backend), and JWT authentication. It has an interactive command line UI, that prompts for a lot of options available to generate the app. It also allows to generate code (backend and frontend) for other authentication mechanisms, as you can see here: Security

Spring Security call login programmatically

I am developing an application and I am using Spring Security. My question is - is there a way to call the exact logic that is run when I send a post request to /login (default), but from within the programme?
Normally, I post my LoginUserDto object to /login endpoint to login. However, I am implementing facebook login now, so I am constructing my LoginUserDto on the server side from whatever data I get from facebook based on user's access token. Now I just need to call the same logic that I would normally call with the rest call to /login, but from within the code in order to return tokens.
Does anyone know how this can be done?
Thanks
You should look at Spring Security 5's inbuilt support for OAuth2, as this will be the easiest way to incorporate Facebook as an external Authorization Server. There is some good documentation which walks through what is necessary via OAuth2 Login. Additionally, I found working with the oauth2login sample code from the Spring Security Repository extremely helpful to understand how the application should be configured, and it has a section for integrating with Facebook.

Java: Authentication and Authorization with iOS/Android/Angular as client

I am looking for building an iOS/Android and Angular app with Java at the backend(REST API). Java will use spring framework. I am looking for the options for User authentication. iOS/Android App will be used by the client and Angular web app will be used my management. Angular web users will have different roles so requirement requires authentication(email and password) as well as authorization. Considering this I was thinking of using Spring Security with a custom UserDetailService. However I guess that will have issues with cookies. I looked into AWS Cognito Identity and Firebase and got more confused. It will be a great help if someone can share there experience with such requirement.
i had created basic login application in angular application by referring the links:
http://jasonwatmore.com/post/2015/03/10/angularjs-user-registration-and-login-example-tutorial
and i have used cakePHP3 for rest API generation and Token is generated on the the basis of JWT, JSON Web Token (JWT) is a JSON-based open standard used for passing claims between two parties in the context of web application environment. These token are specially designed to be very compact and URL safe. Their usability in the context of web browser single sign-on is also remarkable. JWT claims are useful for passing identities’ verification between service providers and identity providers. you'll find the reference links on internet.
for android and IOS you need to learn JSON parsing first. In android, JSON parsing can be done using OKHttpclient/Volley "android hive" is best site to learn jsonParsing and in IOS jsonParsing can be done using AFNetworking.
Hope this will help you.
The Ideal Project for you is Spring Security OAuth2. With this you can make your REST API Stateless and no need to worry about Cookies and Sessions.

OAuth2 : How to generate client id and client secret?

Let's say I have a simple application.
How to set up OAuth2 to allow another application to access to some parts of my application.
For example, when devs want to use the Facebook API, they use the Facebook API User interface that generate Client id, client secret etc.
So, this is what i want my website do. provide client credentials when they request them.Not necessary by building an UI but programmatically (JAVA).
In other words, what is the stack behind the facebook API OAuth UI ? Is there a simple framework to set it up quickly and easily ?
thank you
There are lots of frameworks for setting up OAuth in a Java application. I would recommend having a look at Spring Boot, for example.

Using OAuth for Spring Rest API

I am developing a application which uses Spring Rest services. I am using basic auth for authentication. I know that it is unsecure. My end client are capable of handling OAuth. I want to use OAuth, can any one point me to how to do OAuth in Java. I saw some examples they mention about Twitter , Google and Facebook.But I don't want to use social networking sites.
OAuth is a concept, and not any library which you can inject, (of course libraries exists to implement that)
So if you want to have OAuth in your application (i.e your application has its own OAuth), you have to setup following things
Authentication Server
Provide Provision to Manage OAuth Clients
Manage AccessTokens
Check out the OAuth 2.0 Specification to get clear understanding of how it works and how to build your own.
https://www.rfc-editor.org/rfc/rfc6749

Categories