Vaadin Flow and JWT

Hello, I am trying to get Vaadin to work with my Spring Boot project that is set up for Angular + JWT. I followed this example GitHub - mstahv/flow-with-jwt-authentication: Example how to enable JWT based authentication with Vaadin Flow and Spring Security However, I cant seem to get the JWT token with vaadin. JSESSIONID isn’t in JWT format, and setting a cookie to contain the JWT token has proven difficult, with login and the subsequent page refresh or url navigation. Is it possble to have a single spring boot project that uses JWT for Vaadin & Angular?

(From Vaadin office Hours)

Ping @quintessential-ibex

How did you handle the JWT Token with Angular? With a Filter?

Hi to be specific this is how I handled the Angular side I followed this.

So trying to handle the filter for angular and vaadin has proven difficult

Shouldn’t this work out of the box? Because the filter sets the authentication

You don’t need a LoginView

and the configuration should only be like this:

public class SecurityConfiguration
                extends VaadinWebSecurity { 

    protected void configure(HttpSecurity http) throws Exception {

Unfortunately I don’t have time to test it. But the easiest would be to generate an app with JHipster and add Vaadin

The filter always throws exception, since angular uses headers;vaadin- following the vaadin link above uses cookies. However no cookies get set for JWT and the cookies I do have are not in a JWT format

You don’t need cookies. You can switch to statless authenticaton

I think I’ll try a configuration tomorrow

Ok thank you for helping with this question, I believe I tried stateless but was running into other issues with the filter

how about this one ?

Doesn’t really answer what I am looking for, if I use this article I have to figure out how to get vaadin to set an Authorization header on all requests, but I don’t think this is how vaadin handles JWT @nice-camel

Have you switched your authentication to stateless in the spring security conf?

Yes I have the setStatelessAuthentication() like GitHub provided by mstahv, but I couldn’t figure how to do the filter, so it can work for both vaadin and angular.

I had a look at what JHipster is generating

The challenge would be to merge the SecurityConfiguration