I have questions about OidcClient and AnonymousClient.
Can we use SecurityFilterMiddleware to configure endpoints like the following?
- Create a Profile based on that information if already logged in with OIDC
- If not, create an
AnonymousProfilewithout redirecting to the OIDC authentication screen
I have tried this with authorizer and other settings, but have not been successful. It always fails to authenticate or always redirects.
My purpose is defining GraphQL endpoint with authorization. Though some of query needs authorization, endpoint itself requires no authorization. it just needs OIDC / Anonymous profile (I don't need redirect).
Currently, I manually retrieving profile like this (This method requires no AnonymousClient) but not intuitive.
def graphqlRoutes(graphQL: GraphQL): HttpRoutes[IO] = Session
.sessionManagement[IO](sessionConfig)
.apply {
HttpRoutes.of[IO] {
case req @ POST -> Root / "graphql" =>
val ctx = contextBuilder(req, conf)
val manager = new ProfileManager(ctx, conf.getSessionStore())
val profile = manager.getProfile
val profileOpt = Option.unless(profile.isEmpty())(profile.get())
val modelUser: Option[model.User] =
profileOpt.map(/* model convert method */)
req
.as[Json]
.flatMap(j => graphQL.query(j, modelUser))
.flatMap {
case Right(json) => Ok(json)
case Left(json) => BadRequest(json)
}
}
}
I think making Middleware just retrieving profiles may help.
Thank you.
I guess that what you want is to perform a silent login: https://www.pac4j.org/5.7.x/docs/clients.html#8-silent-login
Protect your endpoint with your OIDC client.
Configure your OIDC client with
prompt=nonenot to display any login page if you are not already authenticated andoidcClient.setProfileFactoryWhenNotAuthenticated(p -> AnonymousProfile.INSTANCE);to be anonymous when no authentication exists.