Hi all,
I am new to Vaadin and considering using it for a new project.
I am aware that Vaadin can be used both with CDI and with Spring (Boot).
I’m considering using the CDI option. However, I’m wondering: is it possible to use openid connect/oauth2 for user authentication in combination with CDI?
And if so: would anyone know a good example of this?
There is unfortunately no ready made demo of this. But I would recommend to study first option to use Apache Shiro, as it is widely adopted in Java EE ecosystem for security. I did brief google searches and there should be generic resources how to use OAth2 and opendid connect with Shiro. I would like to point that there is Shiro integration example for Vaadin 8 here https://vaadin.com/start/v8/full-stack-javaee Download it and study it. It should be possible adopt that for Vaadin 14 once you know how Shiro works. Vaadin 14 configurtion for static resources is a bit different, I think the shiro.ini content would be something like this (I have not tested this yet). These are basically the building blocks how to make it.
[main]
shiro.loginUrl = <your login url>
[urls]
<your login url> = authc
<your logout url> = logout
/favicon.ico = anon
/VAADIN/** = anon
/** = authc
/manifest.webmanifest = anon
/sw.js = anon
/offline.html = anon
/icons/** = anon
/images/** = anon
/styles/** = anon
Meanwhile also as reference we do have an example for Spring Security