Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

OIDC for http services

26 views
Skip to first unread message

Carlos Agudo

unread,
Oct 7, 2024, 1:21:22 PM10/7/24
to Orbeon Forms
Hello All,

Before asking this, i saw several responses (like using a filter etc..), but so far i have tried several things, nothing seems to work.

I have an OIDC provider (in my case keycloak, but i guess could be okta or auth0 or whatever).
So I was able to secure the form builder with "keycloak", so when I enter the keycloak ask for login, and it works fine.
(both in header/ container authentication method).

But all my APIS require to have the Authorization Header: Bearer **and the token**
So, my Http service will ask for my apis something like https://serverClients/api/v1/clients GET (and a list of clients should be received in a json)
I tried using filters , sticky headers, forward-headers, etc..etc..
Nothing seems to work.

Its not this case quite common nowadays? To have your API protected with a simple jwt token?
I wonder if its possible without using liferay, proxy servlets, custom authorizators etc..

Just consider the case of someone using the forms with the docker-composer example.


Thanks a lot for the effort!

Alessandro Vernet

unread,
Oct 7, 2024, 5:56:47 PM10/7/24
to orb...@googlegroups.com
Hi Carlos,

Currently, you'll need to modify the source of your form by adding an `xf:header` inside the `xf:submission` that corresponds to your service. For example, you could store the token in your `properties-local.xml` under a custom property named `acme.bearer-token`, and use `xxf:property('acme.bearer-token')` to retrieve it.

However, we'd like to improve this process! Does using a property work for you, or would you prefer to provide the token in another way?

<xf:submission id="custIONrest-submission" class="fr-service"
               resource="https://example.com/api"
               method="post"
               serialization="application/json"
               mediatype="application/json">
    <xf:header>
        <xf:name>Authorization</xf:name>
        <xf:value value="concat('Bearer ', xxf:property('acme.bearer-token'))"/>
    </xf:header>
</xf:submission>

-Alex

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orbeon+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orbeon/aeaeae72-80e8-456d-a0cd-c02a638fe83an%40googlegroups.com.

Carlos Agudo

unread,
Oct 9, 2024, 3:26:49 PM10/9/24
to Orbeon Forms
Ohh super sorry, its ALessandro not alex! sorry!
Reply all
Reply to author
Forward
0 new messages