
I have an Angular 2 app that runs on another server than a Spring Boot based Gateway. All the Angular queries go through this gateway.

I have set up the gateway as a Spring Security resource server, which uses an external OpenID Identity Provider. When I log in from the gateway on the OpenID server, it's all OK: the IDP returns me the token containing all the info I need to manage the user.

But, I have to initiate the connection from the Angular2 app, and get back the token to store it client side, to be able to send authenticated requests.

When logged in, the OpenID IDP returns the token to my gateway, but how can I give this token back to my front-end? I feel dumb right now. I can't figure this out; it's like a missing link that seems so obvious, but I can't think of it :(

EDIT: I found someone in the same case as me (= wobbly situation): stackoverflow.com/questions/23648716/redirecting-to-external-page-angular I'll try to send credentials from the Angular app to my backend, then make an HTTP query to the remote page (instead of using the form to log in) and then return the answer to the client.

Thanks a lot!

Richard Deeming
Alex
  • What OAuth2 flow do you use? Authorization grant flow? How do you use the tokens (access token, id token)? And what do you want to achieve with them? Do you have some other API you want to call with the tokens? – Ján Halaša Apr 21 '17 at 15:17
  • @JánHalaša I'm using tokens to authenticate users on my REST controllers behind the gateway, JWT format. I am able to verify that the token contains a user who has sufficient privileges to access the requested resource. The APIs I request are on a separate server from the gateway – Alex Apr 21 '17 at 15:29
  • If you are using the Authorization grant flow (guessing by "get back the token to store it client ") and your gateway gets the tokens, it's probably not suitable for your architecture. The implicit flow is better for apps running in a browser. – Ján Halaša Apr 21 '17 at 19:11
  • I successfully integrated an Angular module called "angular-oauth2-oidc", modified it a bit and did a lot of reading. I now fully understand what you were talking about with implicit flow. This flow was forbidden on our OpenID Connect IDP. I had to use the password flow with a discovery document, and customize things a bit. Thanks, you are the only one who responded :) – Alex May 11 '17 at 13:05
