Uploaded image for project: 'Nuxeo Enhanced Viewer'
  1. Nuxeo Enhanced Viewer
  2. NEV-41

Rework ARender Previewer authentication

    XMLWordPrintable

    Details

    • Epic Link:
    • Tags:
    • Backlog priority:
      1,000
    • Upgrade notes:
      Hide

      Few Nuxeo properties have been changed. There's no more a requirement on the JWT secret ( nuxeo.jwt.secret ), it can be removed if unused by another feature.

      The OAuth2 settings have been reworked to allow new configuration values. So, nuxeo.arender.secret has been renamed to nuxeo.arender.oauth2.client.secret, and ones below were added:

      Key Description Default
      nuxeo.arender.oauth2.client.create Instructs Nuxeo to create/update the OAuth2 client false
      nuxeo.arender.oauth2.client.id OAuth2 client id on Nuxeo arender
      nuxeo.arender.oauth2.client.secret OAuth2 client secret N/A
      nuxeo.arender.oauth2.client.redirectURI OAuth2 redirect URI (could be relative to arender.server.previewer.host) N/A

      Note: Currently, the redirect URI might be /login/oauth2/code/nuxeo.

      Show
      Few Nuxeo properties have been changed. There's no more a requirement on the JWT secret ( nuxeo.jwt.secret  ), it can be removed if unused by another feature. The OAuth2 settings have been reworked to allow new configuration values. So, nuxeo.arender.secret has been renamed to nuxeo.arender.oauth2.client.secret , and ones below were added: Key Description Default nuxeo.arender.oauth2.client.create Instructs Nuxeo to create/update the OAuth2 client false nuxeo.arender.oauth2.client.id OAuth2 client id on Nuxeo arender nuxeo.arender.oauth2.client.secret OAuth2 client secret N/A nuxeo.arender.oauth2.client.redirectURI OAuth2 redirect URI (could be relative to arender.server.previewer.host) N/A Note: Currently, the redirect URI might be /login/oauth2/code/nuxeo .
    • Sprint:
      nxplatform 11.1.29, nxplatform 11.1.33, nxplatform #11, nxplatform #12
    • Story Points:
      1

      Description

      Goals

      We want to rework the authentication mechanism in order to be able to share the ARender session between several previewers.

      Note: We can't leverage username present in the arender document id for following calls because it will be removed, see NEV-39.

      Technical solutions

      • implement a full OAuth2 challenge in ARender Previewer and store the tokens inside a shared data store
      • set nuxeo JWT in cookie (we miss a way to refresh the token)
      • keep solution as it (Nuxeo gives JWT to ARender which uses it to get from Nuxeo an OAuth2 access token) and store an identifier in cookie on Nuxeo side

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. NEV-215 Complete arender-hmi-package module to make it a BOM

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NEV-331 Fix authentication on ARender for Safari

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NEV-211 Previewer should have a healtcheck that reflects the status of the stack

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. JAVACLIENT-199 Allow building a client without connecting it immediately

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. JAVACLIENT-200 Make OAuth2Interceptor work without a refresh token

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NEV-39 Remove username from ARender document id

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. NEV-160 Implement Nuxeo OAuth 2.0 in Nuxeo connector

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEV-327 ARender Previewer should set Cookie compatible with the iframe integration

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NEV-261 Implements a token store for MongoDB

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NEV-301 Allow relative URL for redirectURI

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NXP-29498 Add a way to relax the OAuth https constraint

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NEV-256 Updating ARender secret in configuration has no effect

          • Major - Major loss of function.
          • Resolved
          is required by

          Improvement - An improvement or enhancement to an existing feature or task. NEV-248 Add a feedback when previewer service unavailability

          • Major - Major loss of function.
          • Open
          Is referenced in

          [Captain Hook] PR for 10: #177 PR for 10: #177

          [Captain Hook] PR for 10: #209 PR for 10: #209

          [Captain Hook] PR for 10: #246 PR for 10: #246

          links to

          Web Link TMAPR-3364 - Use of Spring Security OAuth2

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 4 hours
                  1w 4h