Api authentication

ajeetku · December 4, 2018, 3:53pm

I need to implement spring basic security for web and auth0 for api in single application but both are not working together
Any one Will help me for this

James.Morrison · December 4, 2018, 4:10pm

Hello there @ajeetku, we are be happy to help. When you get a moment can you share some more details on what may be going on. You mentioned Spring which we have a quick start doc for here. We also have detailed documentation on utilizing Auth0’s Authentication API here. Thanks!

ajeetku · December 4, 2018, 4:15pm

Hello James I am able to use auth0 and spring basic security one by one but together

ajeetku · December 4, 2018, 4:20pm

My implemention is something like this but it’s not working

protected void configure(HttpSecurity http) throws Exception {
        JwtWebSecurityConfigurer
                .forRS256("YOUR_API_AUDIENCE", "YOUR_API_ISSUER")
                .configure(http);

http.authorizeRequests()
		.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
		.antMatchers("/dba/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
		.and().formLogin();
    }

James.Morrison · December 5, 2018, 5:31pm

I wanted to follow up @ajeetku and see what error exactly you are getting? Whether it be in the logs or the developer console. I want to understand better the hurdle you’re facing so we can work together to resolve it. Thanks in advance.

ajeetku · December 5, 2018, 5:37pm

We are returning x-auth-tocken from spring basic security after authentication but when using auth0 along with basic security it’s not return tocken after authentication in header

James.Morrison · December 7, 2018, 5:38pm

When you get a chance @ajeetku can you DM me your tenant name and a HAR file when reproducing the workflow that produces the error. Once you got it please DM it over to me and I’ll be happy to take a deeper look at what may be going on. Thanks in advance!

James.Morrison · December 10, 2018, 2:42pm

Thank you for the HAR file, I will take a deeper look at this and see what I am able to find that may help us troubleshoot the issue.

James.Morrison · December 17, 2018, 10:19pm

I wanted to follow up and let you know I reached out to you via a Direct Message in regards to this topic. Thanks.

ajeetku · December 18, 2018, 6:45pm

Thanks you is there any update on this

xmsl · December 19, 2018, 2:55am

Hi, did code flow change? Authentication API Explorer

IRCC secret was not necessary for code flow until a week ago.

Thanks!

ajeetku · December 19, 2018, 1:21pm

Thank you for your update

is this related with my problem

James.Morrison · December 19, 2018, 1:53pm

Hey there @ajeetku, when you get a chance can you respond to my direct message I sent you that is requesting more information? Thanks in advance!

James.Morrison · December 26, 2018, 2:19pm

I wanted to follow up @ajeetku and see if when you get a minute if you could send me an updated HAR file so we can continue to further investigate the issue at hand. Thank you in advance!

ajeetku · December 26, 2018, 3:24pm

Ok I will send you HRA tomorrow

ajeetku · December 27, 2018, 5:54am

find attached har file localhost.har (392.8 KB)

James.Morrison · January 7, 2019, 3:19pm

When digging into the attached HAR file I only see an 401 error of “GET http://localhost:8080/user/getUserDetail” but 200 success prior to that on the same route. Is there any additional details you can share on your setup to help us troubleshoot this challenge? Thanks in advance @ajeetku!

James.Morrison · January 14, 2019, 1:55pm

I wanted to reach out again @ajeetku and see if you had any additional details that can help us better identify what may be occurring? Thanks.