Desktop OIDC integration demo, remove login page / JS dependencies

serge-xav/oidc-desktop

 
 


OIDC Desktop

This is a runnable example of how to achieve Desktop Spring OIDC support. A full description of its internals can be found in my article: https://www.linkedin.com/pulse/oidc-desktop-jo%25C3%25A3o-rebelo

The tokens are retrieved with an OIDC Authorization Code Flow, and the response is then provided to the AuthenticationProviderImpl class.

We've created / cloned a new OAuth2LoginAuthenticationToken which doesn't require the exchange object, and in AuthenticationProviderImpl we use the same Nimbus code that Spring uses internally to parse the OIDC responses / tokens.

Since this is a Desktop application, we've set the SecurityContextHolder to work in GLOBAL mode. Therefore we needed to create / clone the DesktopOAuth2AuthorizedClientExchangeFilterFunction to change the getAuthentication method so that it does not use the ThreadLocal.

The application is able to refresh its token if needed. Making a back-channel logout when the application closes isn't hard, but depends on the IdP specifics.

To execute

  • Run the server
    1. Build the images into the local Docker daemon:
      1. cd server
      2. gradle jibDockerBuild
    2. Unzip dbFolder.zip
    3. In server/demo-compose, change the device of the postgres_data volume to the path of the unzipped dbFolder
    4. docker-compose up. This will use ports:
      • 8080 for Keycloak
      • 8081 for the Demo Server
  • Run the client
    1. Get a license from jxBrowser
    2. Set the license in the client application.yml:
      1. Copy demo-client\src\main\resources\application.yml.template to demo-client\src\main\resources\application.yml
      2. Replace <yourLicenseHere!!> with your license
      • If you change any port in the docker-compose file, it has to be adapted here
    3. Build the client:
      1. cd demo-client
      2. gradle build
    4. Run the client:
      1. java -jar demo-client\build\libs\demo-client-1.0-SNAPSHOT.jar
    5. Log in with the demo account: test / test

Components

Demo-client

Contains the Swing application that performs the login and calls the server.
Uses jxBrowser to run the Authorization Code flow with the IdP.
Uses redirect interception to extract the tokens in Java, via the Nimbus library.
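
The redirect-interception step, as an added example that is not code from this repository: it recognises the navigation to the redirect URI, parses it with Nimbus, and rejects the response unless it echoes the expected state and carries a code. The class name `RedirectInterceptor` and the redirect URI `http://localhost/callback` are assumptions, and the Nimbus OAuth 2.0 / OpenID Connect SDK is assumed to be on the classpath.

```java
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponseParser;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import java.net.URI;

/** Hypothetical helper, not a class from this repository. */
public final class RedirectInterceptor {
    private final URI redirectUri;     // redirect URI registered for the client (assumed)
    private final State expectedState; // state value sent with the authorization request
    public RedirectInterceptor(URI redirectUri, State expectedState) {
        this.redirectUri = redirectUri;
        this.expectedState = expectedState;
    }

    /** True when the browser is navigating to our redirect URI, so the page load can be cancelled. */
    public boolean isRedirect(URI target) {
        return redirectUri.getScheme().equalsIgnoreCase(target.getScheme())
                && redirectUri.getAuthority().equalsIgnoreCase(target.getAuthority())
                && redirectUri.getPath().equals(target.getPath());
    }

    /** Parses the intercepted redirect; returns the code or throws if the response must be rejected. */
    public AuthorizationCode extractCode(URI target) throws ParseException {
        AuthenticationResponse response = AuthenticationResponseParser.parse(target);
        if (!response.indicatesSuccess()) {
            throw new IllegalStateException("IdP error: " + response.toErrorResponse().getErrorObject().getCode());
        }
        AuthenticationSuccessResponse success = response.toSuccessResponse();
        // The response must echo the state we generated; otherwise it belongs to another flow.
        if (!expectedState.equals(success.getState())) {
            throw new IllegalStateException("state mismatch, discarding authorization response");
        }
        if (success.getAuthorizationCode() == null) {
            throw new IllegalStateException("no authorization code in response");
        }
        return success.getAuthorizationCode();
    }

    public static void main(String[] args) throws ParseException {
        State state = new State(); // random value generated by Nimbus
        URI callback = URI.create("http://localhost/callback"); // assumed redirect URI
        RedirectInterceptor interceptor = new RedirectInterceptor(callback, state);
        URI sample = URI.create(callback + "?code=SAMPLE_CODE&state=" + state.getValue()); // constructed sample
        System.out.println(interceptor.isRedirect(sample) + " " + interceptor.extractCode(sample).getValue());
    }
}
```

Only a code that passes both checks should go on to the token request; a response that fails either check is dropped without contacting the IdP.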

Demo-server

This project contains the Resource Server of a hello world, which replies with the "preferred_username" claim from the request.

demo-compose

Example compose file to launch the server (removal of origin login page / keycloak implementation)

Keycloak

The dump in this repository uses an admin / admin master user.
It defines an "example" realm, with an "exampleClient" client.
It contains a single user: test / test. This can be used to log in from the Demo-client.
