Vaadin Flow and JWT

Hello, I am trying to get Vaadin to work with my Spring Boot project that is set up for Angular + JWT. I followed this example GitHub - mstahv/flow-with-jwt-authentication: Example how to enable JWT based authentication with Vaadin Flow and Spring Security However, I cant seem to get the JWT token with vaadin. JSESSIONID isn’t in JWT format, and setting a cookie to contain the JWT token has proven difficult, with login and the subsequent page refresh or url navigation. Is it possble to have a single spring boot project that uses JWT for Vaadin & Angular?

(From Vaadin office Hours)

Ping @quintessential-ibex

How did you handle the JWT Token with Angular? With a Filter?

Hi to be specific this is how I handled the Angular side I followed this. https://roytuts.com/angular-spring-boot-security-jwt-authentication-and-authorization/

So trying to handle the filter for angular and vaadin has proven difficult

Shouldn’t this work out of the box? Because the filter sets the authentication

You don’t need a LoginView

and the configuration should only be like this:

@EnableWebSecurity 
@Configuration
public class SecurityConfiguration
                extends VaadinWebSecurity { 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http); 
    }
}

Unfortunately I don’t have time to test it. But the easiest would be to generate an app with JHipster and add Vaadin

The filter always throws exception, since angular uses headers;vaadin- following the vaadin link above uses cookies. However no cookies get set for JWT and the cookies I do have are not in a JWT format

You don’t need cookies. You can switch to statless authenticaton

I think I’ll try a configuration tomorrow

Ok thank you for helping with this question, I believe I tried stateless but was running into other issues with the filter

https://dzone.com/articles/using-jwt-to-secure-a-stateless-api-world

how about this one ?

Doesn’t really answer what I am looking for, if I use this article I have to figure out how to get vaadin to set an Authorization header on all requests, but I don’t think this is how vaadin handles JWT @nice-camel

Have you switched your authentication to stateless in the spring security conf?

Yes I have the setStatelessAuthentication() like GitHub provided by mstahv, but I couldn’t figure how to do the filter, so it can work for both vaadin and angular.

I had a look at what JHipster is generating

The challenge would be to merge the SecurityConfiguration