authenticate grails server with GitHub - so users only see what they are doing and only allow some to do upload #39
I was getting it to "work" here: https://github.com/nathandunn/grails4-multiple-oauth-example/settings However, it was using a legacy API. Using this guide instead: https://guides.grails.org/grails-test-security/guide/index.html
Note for https://github.com/nathandunn/grails4-multiple-oauth-example this almost works. We need to be able to specify that some users are "ADMIN" and some are not, regardless of their role. I think what happens is that all users end up being secured in the same way and we use a separate permission service to check particular users.
This needs to be replicated using a RESTful controller with React
Potentially I need to add the OauthID to the Person object and provide grails.plugin.springsecurity.oauth2.domainClass = 'com.insilico.dmc.OAuthID' However, it's unclear.
curl api call: curl -v -H 'Accept: application/json' -H "Cookie: jwt=" http://localhost:8080/api/
Almost working but react-google-login uses a different token strategy when decoding (i.e., not MAC512, but RS 256) so completely different, though maybe can be transcoded? Going to use the googleapis oauth2 client instead to get a potentially more consistent token . . .
vs
Also note, this is how you add extractors to pull out users with Spring Boot (less sure about Grails, but may not be necessary): https://medium.com/@bvulaj/mapping-your-users-and-roles-with-spring-boot-oauth2-a7ac3bbe8e7f
Even if we can do other than we can only verify with
So grails does not support this explicitly. Not sure fix version. Options:
Will try 1, shoot for 2, and then do 4.
Finally will need to map to a domain class at some point as well. For 1 it is problematic as it comes back as an httponly cookie, which I think is a good thing, but then not rebroadcast as part of the axios request.
Because the domain is not (and will not be shared likely), we can't share the httpOnly cookie (even if just different ports). Definitely possible to put them on the same domain, but a different path. However, not sure if that would work either. As HS256 is less than preferred, especially for open-source, may look to another model.
For 1. Note the current state is here: http://github.com/nathandunn/grails4-multiple-oauth-example and https://github.com/nathandunn/test-oauth2-client Auth0 grails integration example guides here:
Oh, this is the sample we want: https://github.com/auth0-samples/auth0-grails3-spring-security-mvc-sample or this one:
Probably the easiest thing to do would be to login the front and then use https://github.com/jwtk/jjwt#jws-key-rsa to verify the key: https://github.com/jwtk/jjwt#verification-key
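An added example, not part of the original issue or the project's code: the last comment proposes verifying the front end's RS256 token on the server with the provider's public key (via jjwt on the Grails side). The same checks are shown here in Node.js with only the built-in crypto module rather than jjwt; the key pair, client ID, secret and all function names are constructed or hypothetical.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Constructed stand-in for the identity provider's signing key pair.
// A real backend would hold only the provider's published public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Helper so the example runs offline: mints an RS256 or HS256 token.
function mintToken(alg, claims, key) {
  const input = b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  const sig = alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(input), key)
    : crypto.createHmac('sha256', key).update(input).digest();
  return input + '.' + b64url(sig);
}

// Returns the claims if the token is a valid, unexpired RS256 token for
// expectedAud; throws otherwise.
function verifyRs256(token, pubKey, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
  // The server pins the algorithm; the token header does not get to choose.
  if (header.alg !== 'RS256') throw new Error('unexpected alg: ' + header.alg);
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  if (!crypto.verify('sha256', signed, pubKey, fromB64url(parts[2]))) {
    throw new Error('bad signature');
  }
  // Claims are read only after the signature has been checked.
  const claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  if (claims.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Returns the subject on success, or the rejection reason as a string.
function check(token, aud, nowSec) {
  try { return verifyRs256(token, publicKey, aud, nowSec).sub; } catch (e) { return e.message; }
}

// Constructed sample values.
const NOW = 1700000000;
const AUD = 'example-client-id';
const sampleClaims = { sub: 'user-1', aud: AUD, exp: NOW + 300 };
const rsToken = mintToken('RS256', sampleClaims, privateKey);           // front-end style token
const hsToken = mintToken('HS256', sampleClaims, 'constructed-secret'); // shared-secret style token
console.log(check(rsToken, AUD, NOW), '|', check(hsToken, AUD, NOW));
```

The HS256 token is rejected before any signature work, which is the mismatch the thread runs into when a backend expecting MAC-signed tokens receives an RS256 one.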
* added initial user data
* updating user requests
* automatically bootstraps users
* used more formal parsing
* admins bootstrapped and updated
* updated
* added proper fields
* updated
* added proper private versus public list calls
* added is public
* added user
* added shared user
* minor cleanup
jwt
token across) Follow: https://guides.grails.org/grails-oauth-google/guide/index.html (and) https://github.com/nathandunn/grails-oauth-google
https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/#_google
This uses Google for OAuth2 as below here. This is actually using the REST plugin:
https://plugins.grails.org/plugin/grails/spring-security-rest
https://guides.grails.org/grails-oauth-google/guide/index.html
https://github.com/grails-guides/grails-oauth-google/tree/master/complete
Authorize REST version for login:
https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/
Good example of how to do the providers with Spring Boot:
https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/