
autoconfigure-auth-oidc

autoconfigure-auth-oidc can be used in any application that requires OIDC campus authentication. This module is compatible with the ais-nuxt module.

How to use in a client project?

groovy
repositories {
	maven {
		url 'https://gitlab.com/api/v4/projects/39953646/packages/maven'
	}
	mavenCentral()
}

dependencies {
	// import BOM (contact siddharth-sarathe@uiowa.edu for the latest BOM version)
	implementation(platform("uiowa.ais.springboot:autoconfigure:0.6.0"))
	implementation ("uiowa.ais.springboot:autoconfigure-auth-oidc")
}

Prerequisite for using this module

You first need to register your app with the provider: send an email to its-iam@uiowa.edu to register your app. You will need to provide the redirect URL and scopes when emailing IAM.

Redirect URL must be: {your baseUrl}/oidc/callback/ais

Scopes must be "openid", "uiowa.identifiers"

The IAM team will provide you with a client ID and client secret.

Register client ID and client secret with this module

Add the properties below to your application.properties

uiowa.ais.auth.oidc.client-id=YOUR APP CLIENT ID
uiowa.ais.auth.oidc.client-secret=YOUR APP CLIENT SECRET

Implement AisUserDetailService interface

java
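import java.util.Set;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Slf4j
@Service
public class UserServiceDetailService implements AisUserDetailService {
    @Override
    public AisUser loadByHawkid(String hawkid) throws UsernameNotFoundException {
        try {
            // Sample values only: look up the real roles and university ID for this hawkid
            return AisUser.withHawkid(hawkid)
                    .roles(Set.of("ADMIN_ROLE"))
                    .universityId(123456)
                    .build();
        } catch (UsernameNotFoundException e) {
            log.error("Exception in getting user account", e);
            // UsernameNotFoundException takes a message (and optional cause), not a bare Throwable
            throw new UsernameNotFoundException("User not found: " + hawkid, e);
        }
    }
}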
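The sample above gives every hawkid ADMIN_ROLE and a fixed university ID. The following is an added example, not code from the module, of an implementation that resolves both from the application's own account store and fails closed for unknown users. It reuses the UserAccountService, UserAccount and Status names from the OnLogin sample on this page; the getRoles() and getUniversityId() getters are hypothetical, and rejecting accounts with no roles is a design choice of this example.

```java
import java.util.Set;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
// AisUser and AisUserDetailService come from autoconfigure-auth-oidc.
// UserAccount, UserAccountService and Status are the application's own classes.
// Import all of them from wherever they live in your project.

@Service
@RequiredArgsConstructor
public class AccountBackedUserDetailService implements AisUserDetailService {

    private final UserAccountService userAccountService;

    @Override
    public AisUser loadByHawkid(String hawkid) throws UsernameNotFoundException {
        if (hawkid == null || hawkid.isBlank()) {
            throw new UsernameNotFoundException("No hawkid supplied");
        }

        // Only ACTIVE accounts may sign in; an authenticated campus identity
        // with no matching local account gets no session.
        UserAccount account = userAccountService.findByHawkidAndStatus(hawkid, Status.ACTIVE);
        if (account == null) {
            throw new UsernameNotFoundException("No active account for hawkid " + hawkid);
        }

        // Hypothetical getter: roles come from stored data, never from a constant.
        Set<String> roles = account.getRoles();
        if (roles == null || roles.isEmpty()) {
            // Fail closed instead of falling back to a default role.
            throw new UsernameNotFoundException("No roles assigned to hawkid " + hawkid);
        }

        return AisUser.withHawkid(hawkid)
                .roles(Set.copyOf(roles))                 // immutable copy of the stored roles
                .universityId(account.getUniversityId())  // hypothetical getter
                .build();
    }
}
```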

Optional functional interface that you can implement

Implement the OnLogin interface if you want to run additional logic when a user is successfully authenticated

java
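import java.time.LocalDateTime;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
// HttpServletRequest: import from javax.servlet.http or jakarta.servlet.http,
// depending on your Spring Boot version

@Slf4j
@AllArgsConstructor
@Service
public class OnLoginService implements OnLogin {

    private final UserAccountService userAccountService;

    @Override
    public void execute(String hawkid, HttpServletRequest httpServletRequest) throws Exception {
        // Pass hawkid as a logging argument so the {} placeholder is filled in
        log.info("hawkid is {}", hawkid);
        UserAccount userAccount = userAccountService.findByHawkidAndStatus(hawkid, Status.ACTIVE);
        if (userAccount == null) {
            throw new RuntimeException("User does not exist!!");
        }
        // Record the time of this successful login
        userAccount.setLastLoginTs(LocalDateTime.now());
        userAccountService.save(userAccount);
    }
}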

Properties that can be used in application.properties

| key | type | default value | description |
| --- | --- | --- | --- |
| uiowa.ais.auth.oidc.client-id | String | | Required registered client id |
| uiowa.ais.auth.oidc.client-secret | String | | Required registered client secret |
| uiowa.ais.auth.oidc.redirect-uri | String | /oidc/callback/ais | Redirect URI (without base URL). Try not to register a redirect URI other than the default one |
| uiowa.ais.auth.oidc.registration-id | String | ais | Required registration id (don't change unless necessary) |
| uiowa.ais.auth.oidc.scopes | List | "openid", "uiowa.identifiers", "profiles" | Required registered scopes; the default scopes should be enough for most apps |
| uiowa.ais.auth.oidc.allowed-urls | List | | List of URLs that will not go through the OIDC authentication mechanism |
| uiowa.ais.auth.oidc.api-base-url | String | /api | Your app's base API URL |

P.S. User impersonation is baked into this module and tied to the front-end ais-auth module.

For any concerns or issues: tools-springboot Slack channel