Hi,

First of great presentation learned a lot and raised a few more questions for me.

But wanted to know about a different approach for the authorization server. Is it possible to change the authorization server to not use form login and maybe replace it with a React/Next or any other front end framework for handling that part of the flow.

Is it a good idea to do that???

This is what I have tried against the latest commit in main branch

1. Map 127.0.0.1 to auth-server in my local hosts file
2. Start sso application
3. Start api application
4. Start web application
5. Hit web application by going to http://localhost:8000
6. I was redirected to sso application login url at: http://auth-server:9000/login
7. Enter credential: josh/control
8. I then got this sso error url = http://auth-server:9000/error?response_type=code&client_id=air-traffic-control&scope=openid%20flights:read%20flights:write&state=89B_tqK-vGVQLLPdbujyMxUGr5J2d6A2PdzJOmjUC-A%3D&redirect_uri=http://localhost:8000/login/oauth2/code/air-traffic-control-client&nonce=QVIN4qjrngwR_pl0jVoYIw8theirJRArL8OOQ8yomh4

As a side note, I also tried the samples from spring-authorization server project - https://github.com/spring-projects/spring-authorization-server/tree/main/samples and it works as expected.

I changed the configuration of flights-web a bit like this:

@Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // @formatter:off
        http
                .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec
                        .pathMatchers("/app/**", "/*.*.js", "/*.*.css", "/assets/**")
                        .permitAll())
                .authorizeExchange((authorize) -> authorize
                        .anyExchange().authenticated()
                )
                .oauth2Login(Customizer.withDefaults())
                .csrf((csrf) -> csrf
                        .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                );
        // @formatter:on
        return http.build();
    }

Then I got the following result: Maybe when the page wants to use ajax to call the interface, it gets a 302, but ajax can't handle 302 efficiently

Thanks a lot for your video presentation and this repository :slightly_smiling_face:

I have a very similar setup of applications/components but I currently got stuck with the security configuration in the gateway. Mabye you can get me out of there.

The basic parts of the application are:

• A single-page application in Vue
• A Spring Cloud Gateway acting as OAuth2 client for a Keycloak IDP
• A Spring Boot API backend

The integration itself is working but for the time being I'm getting redirected to a hard-coded URL after a successful authentication. Now I'd like to change this behavior, so that if the user originally visited http://localhost:8093/profile, then the gateway should redirect the user to exactly this URL after login.

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
        httpSecurity
                .csrf().disable()
                .authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .oauth2Login()
                // Use original user-agent URL here?
                .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("http://localhost:8093"))
                .and()
                .exceptionHandling().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
                .and()
                .oauth2ResourceServer().jwt();
        return httpSecurity.build();
    }
}

This question is also available at https://stackoverflow.com/q/71176804/478406 but the answer seems not to apply when using @EnableWebfluxSecurity.

What would be the best way to access the information encoded in the OpenID token from the Angular SPA side? For example, I want to display the user's name in the SPA after login.

As far as I understand no tokens at all are available directly to the SPA.

Now the spa is served as static content from the /static directory of flights-web. I mean deploy the '/static directory' to nginx, because usually the static resources are developed by another group of people who are now deploying their SPA pages directly on nginx.

Hello, and first I want to say thanks for a solid presentation package with a Youtube video together with this Github repo.

When I attempted to follow along, I grabbed the repo, and ran through the "Getting Started" section. I am on Windows BTW and the error was:

> Task :flights-api:generateAot FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':flights-api:generateAot'.
> No access hint found for import selector: org.springframework.boot.autoconfigure.data.jpa.JpaRepositoriesAutoConfiguration$JpaRepositoriesImportSelector

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 25s
3 actionable tasks: 3 executed
Press any key to continue . . .

When I then looked at the Git repo history, I discovered that the "main" branch was already done with all the steps. So I checked out "demo" to find a state prior to the work I'm about to "follow along" -- and that built fine! 😃

So right after finishing this issue report, I'll go right back and go through the demo, following along. I am way too new at this to have any clue what was going wrong above.

When I encounter the build issue again while going through the demo, I should have more details to add that may be helpful. In the meantime, here's the versions I'm working with:

Microsoft Windows [Version 10.0.20348.825]
(c) Microsoft Corporation. All rights reserved.

C:\devplay\spring-security-5_5-from-taxi-to-takeoff\springone-2021>node --version
v19.0.0

C:\devplay\spring-security-5_5-from-taxi-to-takeoff\springone-2021>npm --version
8.19.2

C:\devplay\spring-security-5_5-from-taxi-to-takeoff\springone-2021>gradle --version

------------------------------------------------------------
Gradle 7.5.1
------------------------------------------------------------

Build time:   2022-08-05 21:17:56 UTC
Revision:     d1daa0cbf1a0103000b71484e1dbfe096e095918

Kotlin:       1.6.21
Groovy:       3.0.10
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          11.0.11 (AdoptOpenJDK 11.0.11+9)
OS:           Windows Server 2019 10.0 amd64


C:\devplay\spring-security-5_5-from-taxi-to-takeoff\springone-2021>