We are converting our non-ColdBox API to ColdBox and were able to create a working hybrid application.
In order to convert some of the endpoints to ColdBox and validate the API requests, we would like to use cbsecurity so that we can lean on the framework way.
The JSON web token is signed with a Google private and public key. We already have this in place and working in the legacy application.
Users are managed in Firestore, including the user roles, and duplicated to the backend database, as all the data is stored there, including schedules based on the users' preferences.
Firestore supports user login from multiple platforms like Google, Microsoft, Apple etc.
Forgot to add the question:
Does anyone have any tips on how I can make this work / Best practice?
Well, since you are using your own auth service, it will be a matter of making sure you create a service object that adheres to our interface so cbsecurity can use it: Authentication Services - cbsecurity
You can then create a User object that could be used by the ColdBox app: https://coldbox-security.ortusbooks.com/usage/authentication-services#iauthuser
Once those are in place, you can use the same Google private/public keys to sign the ColdBox JSON web tokens too. We use the jwt-cfml package for this: FORGEBOX: JWT CFML, which allows you to leverage signatures as well.
Basically, cbsecurity has all the machinery to protect your application with rules and annotations, but you must tell it how users authenticate and how users authorize.
Try it out, and ask away, we will help as much as possible.
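Added example, not code from this thread or from Ortus: a sketch of the User object described in the reply above, built from the backend copy of a Firestore user. The component path, `populateFromRecord()`, `matchesAny()` and the record field names are hypothetical; the method names `getId()`, `hasPermission()`, `hasRole()`, `getJWTCustomClaims()` and `getJWTScopes()` follow the user and JWT subject interfaces in the cbsecurity documentation linked above and should be checked against the installed version.

```cfml
// Hypothetical models/User.cfc: added example, not code from the thread or from Ortus.
// Backend record field names (uid, roles, permissions) are assumptions.
component accessors="true" {
	property name="id"          type="string";
	property name="roles"       type="array";
	property name="permissions" type="array";

	function init(){
		variables.id          = "";
		variables.roles       = [];
		variables.permissions = [];
		return this;
	}

	// Fill the object from the backend copy of the Firestore user.
	function populateFromRecord( required struct record ){
		variables.id          = arguments.record.uid; // throws if uid is missing
		variables.roles       = arguments.record.roles ?: [];
		variables.permissions = arguments.record.permissions ?: [];
		return this;
	}

	// User methods cbsecurity calls for authorization
	function getId(){ return variables.id; }
	boolean function hasPermission( required permission ){
		return matchesAny( arguments.permission, variables.permissions );
	}
	boolean function hasRole( required role ){
		return matchesAny( arguments.role, variables.roles );
	}

	// JWT subject methods: extra claims and scopes for tokens issued for this user
	struct function getJWTCustomClaims( required struct payload ){
		return { "roles" : variables.roles };
	}
	array function getJWTScopes(){
		return variables.permissions;
	}

	// Accepts one name, a comma list or an array; returns false unless one matches.
	private boolean function matchesAny( required wanted, required array granted ){
		var names = isArray( arguments.wanted ) ? arguments.wanted : listToArray( arguments.wanted );
		for( var name in names ){
			if( arguments.granted.findNoCase( trim( name ) ) ) return true;
		}
		return false;
	}
}
```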
Thanks, that makes a lot of sense.
We are going thru the documentation and sample videos. Tomorrow I have some time to spend on this.
That’s great! We released our official v3 2 days ago, so if anything is discovered, we can patch immediately.