tutorial-social-logins's Issues
Is it possible to use access/refresh token from Auth0 directly for resource server authentication
Hi, just read your article https://www.jessym.com/articles/stateless-oauth2-social-logins-with-spring-boot, thank you for putting together a very detailed article! I found it very informative and relevant. (I always find it confusing for oauth-client to be stateful where SSO is usually stateless).
And I've got some questions regarding some design decisions and I wonder if you could provide your insights.
First, I'd like to share my understanding of Single Sign-On, for a typical website with a separated backend/frontend, where the frontend calls the backend's REST API to do various things, and authentication is done via bearer token (JWT). So there is no typical session/cookies involved.
Step | Action | My Expected Result | Reality |
---|---|---|---|
1 | oauth client exchanges auth code with tokens | auth server returns (ID Token, Access Token, Refresh Token) | Auth server (Auth0 for example) returns ID Token and Refresh Token as expected, but access token is missing payload |
2 | backend provides session for frontend | backend processes ID Token (register new user, etc), and sends (Access Token, Refresh Token) to frontend to be used in future API calls (JWT) | oauth-client processes (ID Token, Access Token, Refresh Token), and sends a traditional cookie back to frontend |
3 | frontend calls backend API that requires authorization | Frontend includes Access Token as part of HTTP request header: "Authentication: Bearer xxx" | Frontend includes cookie in HTTP request |
Is the reality expected? Is there something missing/wrong in my understanding?
I am particularly confused by the usage of session/cookie in step 3; we already retrieved access token from step 2, why not simply use it for future authorization with backend APIs?