You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A REST endpoint that issues challenge nonces is required for authentication.
140
-
Since this step is part of the authentication flow, it is implemented as a Spring Security filter instead of a regular controller. The filter must support `POST` requests.
139
+
Request Filters that issue challenge nonces for regular Web eID and Web eID for Mobile authentication flows are required for authentication.
140
+
The filters must support POST requests.
141
141
142
-
The `WebEidChallengeNonceFilter` handles `/auth/challenge` requests and issues a new nonce.
142
+
The `WebEidChallengeNonceFilter` handles `/auth/challenge` requests and issues a new nonce for regualar Web eID authentication flow.
143
143
See the full implementation [here](example/src/main/java/eu/webeid/example/security/WebEidChallengeNonceFilter.java).
144
144
145
145
```java
@@ -174,7 +174,7 @@ public final class WebEidChallengeNonceFilter extends OncePerRequestFilter {
174
174
}
175
175
```
176
176
177
-
Similarly, the `WebEidMobileAuthInitFilter` handles `/auth/mobile/init` requests and issues a deep link for mobile authentication.
177
+
Similarly, the `WebEidMobileAuthInitFilter` handles `/auth/mobile/init` requests for Web eID for Mobile authentication flow by generating a challenge nonce and returning a deep link URI. This deep link contains both the challenge nonce and a login URI for the mobile authentication flow.
178
178
See the full implementation [here](example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java).
179
179
180
180
```java
@@ -221,7 +221,8 @@ public final class WebEidMobileAuthInitFilter extends OncePerRequestFilter {
221
221
}
222
222
```
223
223
224
-
Both filters are registered in the Spring Security filter chain in ApplicationConfiguration:
224
+
Both filters are registered in the Spring Security filter chain in ApplicationConfiguration
225
+
See the full implementation [here](example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java):
Copy file name to clipboardExpand all lines: example/README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -117,7 +117,7 @@ The `src/main/java/eu/webeid/example` directory contains the Spring Boot applica
117
117
- `security`: Web eID authentication token validation library integration with Spring Security
118
118
- `AuthenticationProvider`and `AuthenticationProcessingFilter` for handling Web eID authentication tokens,
119
119
- `WebEidChallengeNonceFilter`for issuing the challenge nonce required by the authentication flow,
120
-
- `WebEidMobileAuthInitFilter`for generating the deep link (`auth_uri`) used in mobile login,
120
+
- `WebEidMobileAuthInitFilter`for issuing the challenge nonce and generating the deep link with the authentication request, used to initiate the mobile authentication flow,
121
121
- `WebEidAjaxLoginProcessingFilter`and `WebEidLoginPageGeneratingFilter` for handling login requests.
122
122
- `service`: Web eID signing service implementation that uses DigiDoc4j, and DigiDoc4j runtime configuration,
123
123
- `web`: Spring Web MVC controller for the welcome page and Spring Web REST controller that provides a digital signing endpoint.
0 commit comments