Compilation fails if JWT auth is selected #42

Closed
JasonTypesCodes opened this issue May 14, 2020 · 7 comments · Fixed by #58

@JasonTypesCodes
Contributor

This was likely introduced with the OAuth support:

```
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ jhipster ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 64 source files to /home/schindlerj/src/temp/jhipster/base-test/target/classes
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
[ERROR] /home/schindlerj/src/temp/jhipster/base-test/src/main/java/io/github/jhipster/sample/security/KeycloakEndSessionEndpoint.java:[7,43] package io.micronaut.security.oauth2.client does not exist
[ERROR] /home/schindlerj/src/temp/jhipster/base-test/src/main/java/io/github/jhipster/sample/security/ApiLogoutController.java:[10,36] package io.micronaut.security.oauth2 does not exist
[ERROR] /home/schindlerj/src/temp/jhipster/base-test/src/main/java/io/github/jhipster/sample/security/JHipsterOpenIdUserDetailsMapper.java:[7,50] package io.micronaut.security.oauth2.configuration does not exist
```
@JasonTypesCodes JasonTypesCodes added the bug 🐞 Something isn't working label May 14, 2020
ZacharyKlein added a commit that referenced this issue May 14, 2020
@ZacharyKlein
Contributor

@JasonTypesCodes This should be fixed now. I moved the listed classes to a conditional block for oauth2.

@JasonTypesCodes
Contributor Author

New error now:

```
[INFO] ERROR in /home/schindlerj/src/temp/jhipster/base-test/src/main/webapp/app/layouts/navbar/navbar.component.ts(58,5):
[INFO] TS2554: Expected 1 arguments, but got 0.
```

It looks like the login method on the LoginService is expecting Login credentials as input.

@mraible
Contributor

mraible commented May 14, 2020

I'm curious - why is there a Keycloak-specific class (KeycloakEndSessionEndpoint)? We try to make our OAuth implementation IdP-agnostic.

@jameskleeh

@mraible Because the end session implementation is not part of the OpenID spec, vendor-specific details have to be provided. Micronaut Security does not currently have an implementation specific to Keycloak.

@sdelamo

sdelamo commented May 14, 2020

Since the redirect parameters are being populated from JavaScript, we probably should be able to replace KeycloakEndSessionEndpoint with:

```java
package <%=packageName%>.security;

import io.micronaut.http.HttpRequest;
import io.micronaut.http.server.util.HttpHostResolver;
import io.micronaut.http.uri.UriBuilder;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
import io.micronaut.security.oauth2.configuration.endpoints.EndSessionConfiguration;
import io.micronaut.security.oauth2.endpoint.endsession.request.EndSessionEndpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.Nullable;
import javax.inject.Named;
import java.net.URI;

@Named("oidc")
public class OidcEndSessionEndpoint implements EndSessionEndpoint {
    private static final Logger LOG = LoggerFactory.getLogger(OidcEndSessionEndpoint.class);

    private final OpenIdProviderMetadata openIdProviderMetadata;

    public OidcEndSessionEndpoint(@Named("oidc") OpenIdProviderMetadata openIdProviderMetadata) {
        this.openIdProviderMetadata = openIdProviderMetadata;
    }

    @Nullable
    @Override
    public String getUrl(HttpRequest originating, Authentication authentication) {
        return openIdProviderMetadata.getEndSessionEndpoint();
    }
}
```

@mraible
Contributor

mraible commented May 14, 2020

You might be able to use something similar to what we use for Spring Boot. We just have a LogoutController that returns the logout endpoint URI and ID token. This works with both Keycloak and Okta.

Spring Security supports RP-Initiated Logout, but I've been unable to get this to work when adding a JS client to the mix. Also, it requires that you hard-code the post-logout-redirect-uri, which I think is inconvenient.
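
The client-side half of the approach discussed in this thread (the server returns the end-session endpoint and ID token, and JavaScript populates the redirect parameters), as an added example that is not code from the thread or from either project. The reply fields `logoutUrl` and `idToken`, the function name and the sample values are assumptions; `id_token_hint` and `post_logout_redirect_uri` are the parameter names from OpenID Connect RP-Initiated Logout.

```javascript
'use strict';

// Constructed sample of what a logout endpoint might return (shape assumed).
const SAMPLE_REPLY = {
  logoutUrl: 'https://idp.example/realms/demo/protocol/openid-connect/logout',
  idToken: 'aaa.bbb.ccc', // placeholder, not a real JWT
};

// Build the browser redirect for RP-initiated logout.
//   reply      - { logoutUrl, idToken } from the application's logout endpoint
//   appOrigin  - origin the SPA is served from (window.location.origin)
//   returnPath - where the IdP should send the browser after logout
function buildLogoutRedirect(reply, appOrigin, returnPath = '/') {
  const { logoutUrl, idToken } = reply || {};
  if (typeof logoutUrl !== 'string' || typeof idToken !== 'string' || !idToken) {
    throw new Error('reply must carry logoutUrl and idToken');
  }

  // The ID token travels in the query string, so require https except for a
  // local development IdP. new URL() throws on relative or malformed input.
  const target = new URL(logoutUrl);
  const isLocal = ['localhost', '127.0.0.1'].includes(target.hostname);
  if (target.protocol !== 'https:' && !(isLocal && target.protocol === 'http:')) {
    throw new Error('end-session endpoint must use https');
  }

  // Resolve the return path against our own origin and confirm it stayed
  // there: '//other.example' or '/\\other.example' resolve to another host.
  const back = new URL(returnPath, appOrigin);
  if (back.origin !== new URL(appOrigin).origin) {
    throw new Error('post-logout redirect must stay on the application origin');
  }

  // set() percent-encodes the value and replaces any same-named parameter
  // already present on the endpoint URL.
  target.searchParams.set('id_token_hint', idToken);
  target.searchParams.set('post_logout_redirect_uri', back.href);
  return target.href;
}

console.log(buildLogoutRedirect(SAMPLE_REPLY, 'https://app.example', '/'));
```

Because the return URL is computed in the browser rather than hard-coded, the IdP client registration still has to list the allowed post-logout redirect URIs for the redirect to be honoured.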

@JasonTypesCodes
Contributor Author

I created #45 for the Keycloak implementation

@JasonTypesCodes JasonTypesCodes self-assigned this May 15, 2020
JasonTypesCodes added a commit that referenced this issue May 15, 2020
Fixes errors in Angular client when not using OAuth2 (#42)
JasonTypesCodes pushed a commit that referenced this issue May 20, 2020