Vaadin app as OAuth2 ResourceServer

Hi, regarding security integration with Vaadin Flow and external OAuth2/OIDC SSO: by the documentation it supports only an OIDC client directly exposed to user agents, so my question is, is it possible to configure it as an OAuth2 ResourceServer, or how does it work if it is behind a WAF or any kind of reverse proxy that is managing SSO with an external IdP instead of the application itself?

@quirky-zebra any thoughts on that?

I’m not sure I understand your question tho. Do you wanna call a backend system with the AccessToken provided by your third party ID provider?

Nope. In your documents, and you can see here, the Vaadin Flow server-side app is configured as an OIDC client with the authorization_code grant type.

And I'm interested to see how to configure a Vaadin app as a Resource Server, just verifying the access token - not asking the IdP to issue it.

And this is how Vaadin is now integrated with the IdP in SSO.

There is no built-in function for such a use case. This issue and the linked repo could be interesting for you with JWT usage.

It is looking promising, Spring Security should look like this:
verifying the JWT against the IdP and then building the sec context together with the HTTP and Vaadin session!
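One way the resource-server setup discussed in this thread could look, as an added example that is not from any poster or from Vaadin's documentation. It assumes Vaadin 24's `VaadinWebSecurity` with Spring Security 6 and the `spring-boot-starter-oauth2-resource-server` dependency, a reverse proxy that forwards the access token as an `Authorization: Bearer` header on every request, and placeholder issuer and audience values.

```java
import java.util.List;

import com.vaadin.flow.spring.security.VaadinWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig extends VaadinWebSecurity {

    // Placeholders (assumptions): replace with your IdP issuer and this app's audience.
    private static final String ISSUER = "https://idp.example.com/realms/demo";
    private static final String AUDIENCE = "vaadin-app";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Validate the bearer token on each request; no redirect to the IdP, no oauth2Login.
        http.oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        // Vaadin defaults: internal framework requests, CSRF handling, view access control.
        super.configure(http);
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Fetches the IdP's metadata and JWKS from the issuer; signature is checked locally.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(ISSUER);
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE));
        // Default validators cover exp/nbf and iss; the audience check rejects tokens
        // minted for other services behind the same IdP.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }
}
```

By default Spring Security maps only the token's scope claims to `SCOPE_` authorities, so role-based view annotations need a `JwtAuthenticationConverter` that maps the IdP's role claim.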