Category: Entwicklung

Webentwicklungg, Programmieren, Software, Server… irgendwie alles was in den Bereich Computer und Entwicklung fällt

Anything regarding web-development

Posted on

Vue and Keycloak do not have a proper JS client that works with mobile native

There are currently 2 packages to integrate keycloak-js with your Vue 3 WEB app.

https://github.com/dsb-norge/vue-keycloak-js
and
https://github.com/baloise/vue-keycloak

But each have their quirks and issues.

If you want to use keycloak in a native app, none of these work.
There is keycloak-ionic and someone created a repo https://github.com/marchalb/qkeycloak to showcase a modified version of dsb-norge/vue-keycloak-js and keycloak-ionic, but that also isn’t working.

So the current state for OIDC client apps is: NOT FUNCTIONAL

OIDC fails the K.I.S.S. principle. It is so complicated that no one has managed to write something that works for every scenario.
Mobile and Web are some very common scenarios, why is there nothing that provides this functionality?

I think it’s better to abandon OIDC, since all that’s left are commercial offerings and the open source ones don’t work properly,
and write your own auth package, which may not be as sophisticated but at least it will work for you and your needs and you know what it’s doing.

Posted on

Golang get openid-connect userinfo

It might not be news to you, but this will explain a little bit about Go, making http requests and parsing the result.

OpenID-Connect (oidc) is an identity protocol, you could call it an Oauth2 dialect. It manages your users per realm, well not the protocol but the server does.
Every oidc idp (identity provider aka server) should support the oidc discovery feature.
What is a good OIDC IDP? Keycloak for instance, because it’s free.
Essentially it’s a well known URI that provides information about this IDP or this IDP’s realm in JSON.
The “.well-known/openid-configuration” is appended to the IDP.
To see a live one you could navigate to https://connect.icod.de/auth/realms/testrealm/.well-known/openid-configuration

It lists all the endpoints this server handles and supported grant types and much much more.

I’ve been working with websockets lately and faced the challenge that websockets don’t support passing HTTP headers,
so I had to log in with the token my frontend received by the IDP. And for security reasons this had to be the raw token, not the parsed subject field, because it’s not cryptographically protected.
This means I had to ask the IDP if the token I had received was valid and extract the subject from it.

The below code is the 1st version of how I did it.
It queries the openid-connect discovery document, since the structure was unknown to me, I decoded the response body from the request into a map[string]interface{}.
However in retrospect, I could’ve defined a struct with only the single requested variable in it:

Then this userinfo endpoint is queried with the Accesstoken passed as a Bearer token in the Authorization header.
The result is decoded into the UserInfo struct instance and returned by the function.

I use spew, which is a very helpful tool to display the content of the returned variable.

Posted on

The stupidity and ambiguitiy of Vue

Rant mode:

Which idiots name template references “ref” and then name essentially all composition api variables “ref()” as well!?!

YEAH GOOD FUCKING JOB VUE DEVELOPER IDIOTS
It makes searching for answer so much more fucking frustrating! Fucking idiots.

Posted on

Spring Data JPA fixtures

What are fixtures? Fixed data that is always present in the database. You can think of it as the initial dataset.

application.properties

The documentation speaks of “the root classpath”, not knowing Java well I had no idea what that means and an answer on Stackoverflow was of course wrong.
It’s not the “src” dir, but the “resources” dir.

So with the above configuration we set spring.sql.init.data-locations=classpath:db/data.sql
which means we create a directory named “db” under src/main/resources.
Also we create a file named “data.sql”.

If you have spring.jpa.hibernate.ddl-auto=create but not spring.jpa.defer-datasource-initialization=true, data.sql will be executed before the schema is created by JPA and then the tables will be destroyed and created.

data.sql obviously contains sql statements like INSERT INTO profiles (name) VALUES('Darko').
data.sql is only for data, don’t use it for schema.
The location setting for schema is spring.sql.init.schema-locations= e.g. spring.sql.init.schema-locations=classpath:db/schema.sql.
Since you’re using schema.sql you don’t need to defer data initialization.

Details at the Spring Boot JPA reference documentation