I have a Java spring backend that is using LDAP for user accounts and spring-security for authentication.

I also use spring-security-oauth2 for client authentication and I have a client authenticated with a JWT.

Using that JWT, how can I use NodeJS to decrypt the JWT and retrieve the session information (user and roles) in my database?

I also have an X-XSRF-TOKEN I think I need to verify (cookie).

Is it possible?

1 Answer

I have a Java spring backend that is using LDAP for user accounts and spring-security for authentication.

I also use spring-security-oauth2 for client authentication and I have a client authenticated with a JWT.

The whole idea of JWT is that it is stateless (no sessions). If you have a unique solution where sessions are somehow tied to JWT, you should include a diagram or more description.

Using that JWT, how can I use NodeJS to decrypt the JWT and retrieve the session information (user and roles) in my database?

You can use JsonWebToken library and store/retrieve the username (or some other type of user or session identification token) in the subject field.

I also have an X-XSRF-TOKEN I think I need to verify (cookie).

CSRF/XSRF is usually disabled in JWT applications (see the accepted answer here: CSRF Token necessary when using Stateless(= Sessionless) Authentication?). In Spring Boot the middleware is enabled by default, but can be disabled like so:

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Turn off the CSRF filter for a stateless, token-based API.
        http
            .csrf().disable();
    }
}

7 Comments

I wonder, why would you decode the token in NodeJS if you actually need to work with it in the backend?
NodeJS is a backend, and I want to extend the backend with NodeJS and use the same users and perms. Does it make more sense to you now?
I updated my response with a more relevant NodeJs library.
The JWT is not tied to the session, but the session is required to get the JWT. But now I remember you only need it to get the JWT. I wonder, because the JWT contains roles and users, how can I verify that the JWT has not been modified (within Node)?
@BigDong In my view of JWT, needing session to get the JWT still doesn't make sense. JWT is usually passed in request header for every request, which is what makes it suitable for stateless operation. The JWT is issued by the server, using secure password. Unless an attacker gets hold of that password, they should not be able to modify the token. I suggest doing some reading on the principles of JWT jwt.io/introduction
@BigDong Good reading here: stackoverflow.com/questions/27301557/…