Support the authorization code flow for Server Web Apps


Description: The OIDC adapter has to be able to authenticate the users accessing the server web apps/confidential clients using the best-practice code flow. Stian recommends distinguishing between the bearer-only and code flow modes using very user-friendly property values, something like:

# the adapter just checks the token with 401/403
mode=authorization-only

# the adapter will redirect when the user is not authenticated and possibly authorize as well based on the roles in the IdToken, while also letting the web app forward the access tokens further if needed
mode=web

etc. @stianst, @pedroigor FYI.
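
The difference between the two proposed modes, as an added sketch that is not code from the issue or from Quarkus: `ModeDispatch`, `decide`, `newState`, the endpoint, the client id and the redirect URI are all hypothetical names and placeholder values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

// Hypothetical sketch: neither the class nor its methods are Quarkus APIs.
public class ModeDispatch {
    enum Mode { AUTHORIZATION_ONLY, WEB }   // mode=authorization-only / mode=web

    // Assumed placeholders for the provider and the client registration.
    static final String AUTHZ_ENDPOINT = "https://idp.example.com/authorize";
    static final String CLIENT_ID = "example-client";
    static final String REDIRECT_URI = "https://app.example.com/callback";

    record Decision(int status, String header) {}

    // roles == null means no valid bearer token (authorization-only) or no session (web).
    static Decision decide(Mode mode, Set<String> roles, String requiredRole, String state) {
        if (roles == null) {
            if (mode == Mode.AUTHORIZATION_ONLY) {
                // API callers cannot follow a login redirect, so they get a challenge.
                return new Decision(401, "WWW-Authenticate: Bearer");
            }
            // Browser users are sent to the provider to start the code flow.
            String location = AUTHZ_ENDPOINT
                + "?response_type=code&scope=openid"
                + "&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI)
                + "&state=" + enc(state);
            return new Decision(302, "Location: " + location);
        }
        // Authenticated in either mode: the role check decides between 200 and 403.
        return roles.contains(requiredRole) ? new Decision(200, "") : new Decision(403, "");
    }

    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }

    // state must be unguessable and kept in the user's session so the callback can verify it.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    public static void main(String[] args) {
        System.out.println(decide(Mode.AUTHORIZATION_ONLY, null, "user", null));
        System.out.println(decide(Mode.WEB, null, "user", newState()));
        System.out.println(decide(Mode.WEB, Set.of("guest"), "user", null));
    }
}
```

The client secret never appears in the redirect; a confidential client presents it only on the back-channel token request that exchanges the returned code.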

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 24 (18 by maintainers)

Top GitHub Comments

1 reaction
stianst commented, Oct 24, 2019

Find some random person in the supermarket and ask them

On Thu, 24 Oct 2019, 16:57 Pedro Igor, notifications@github.com wrote:

Yeah, that could help. Whatever the person says we use 😃


0 reactions
pedroigor commented, Oct 25, 2019