Refactor: Backend Frontend-Centric Auth - OIDC removal, JWT validation

Architecture changed to Frontend-Centric Authentication:

1. **Removal of OIDC dependencies**
   - quarkus-oidc → quarkus-smallrye-jwt
   - quarkus-keycloak-authorization → quarkus-smallrye-jwt-build
   - The backend no longer handles OAuth authentication

2. **Simple JWT configuration**
   - Validation of the JWT tokens sent by the frontend
   - mp.jwt.verify.publickey.location (Keycloak JWKS)
   - mp.jwt.verify.issuer (Keycloak realm)
   - Authentication via Authorization: Bearer header

3. **Removal of OIDC configuration**
   - application.properties: removal of %dev.quarkus.oidc.*
   - application.properties: removal of %prod.quarkus.oidc.*
   - application-prod.properties: replaced by mp.jwt.*
   - Logging: io.quarkus.oidc → io.quarkus.smallrye.jwt

4. **Simplified security**
   - quarkus.security.auth.proactive=false
   - @Authenticated on the endpoints
   - CORS configured for the frontend
   - Public endpoints: /q/*, /openapi, /swagger-ui/*

Authentication flow:
1️⃣ Frontend → Keycloak (OAuth login)
2️⃣ Frontend ← Keycloak (access_token)
3️⃣ Frontend → Backend (Authorization: Bearer token)
4️⃣ Backend validates the JWT token (signature + issuer)
5️⃣ Backend → Frontend (API data)

Advantages:
- No backend secret to manage
- No btpxpress-backend client in Keycloak
- Clear frontend/backend separation
- Backend becomes a stateless REST API
- Tokens managed by the frontend (localStorage/sessionStorage)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
DahoudG
2025-10-31 17:05:11 +00:00
parent 7a72d13ffa
commit 7df5f346f1
60 changed files with 6095 additions and 4932 deletions

28
.env

@@ -1,14 +1,18 @@
# Configuration JWT (OBLIGATOIRE)
JWT_SECRET=gQ/vLPx5/tlDw1xJFeZPwyG74iOv15GGuysJZcugQSct9MKKl6n5IWfH0AydMwgY
DB_URL=jdbc:postgresql://localhost:5433/btpxpress
DB_USERNAME=btpxpress_user
DB_PASSWORD=btpxpress123
DB_GENERATION=update
# Configuration Base de données PostgreSQL
DB_URL=jdbc:postgresql://localhost:5434/btpxpress
DB_USERNAME=btpxpress
DB_PASSWORD=btpxpress_secure_2024
DB_GENERATION=drop-and-create
DB_LOG_SQL=true
DB_SHOW_SQL=true
# Configuration serveur
SERVER_PORT=8080
CORS_ORIGINS=http://localhost:3000,http://localhost:5173
# Configuration application
QUARKUS_PROFILE=dev
QUARKUS_LOG_LEVEL=INFO
# Configuration Keycloak pour développement local
KEYCLOAK_AUTH_SERVER_URL=https://security.lions.dev/realms/btpxpress
KEYCLOAK_CLIENT_ID=btpxpress-backend
KEYCLOAK_CLIENT_SECRET=fCSqFPsnyrUUljAAGY8ailGKp1u6mutv
# Logging
LOG_LEVEL=INFO
LOG_SQL=false
LOG_BIND_PARAMS=false
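
Review bot: literal credentials are committed in the tracked .env file (the JWT_SECRET line, both DB_PASSWORD lines and KEYCLOAK_CLIENT_SECRET), so they are in the repository history whichever side of the diff each line sits on. Rotate those values, stop tracking .env (add it to .gitignore) and commit a .env.example with placeholder values instead. If the KEYCLOAK_CLIENT_ID=btpxpress-backend, KEYCLOAK_CLIENT_SECRET and JWT_SECRET lines are on the added or unchanged side, they also contradict the commit message, which states that the backend has no secret to manage, no btpxpress-backend client in Keycloak, and validates tokens through the Keycloak JWKS; drop them. DB_GENERATION=drop-and-create sits next to DB_GENERATION=update with nothing marking it as development-only; assuming this variable drives schema generation, add a comment or move it under the dev profile so it cannot reach a database whose data matters.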