Authentication, is this overkill?

Is it too much to use/develop an authentication app instead of implementing the interface org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider as written in the docs? (Configure Authentication | docs.camunda.org)

This will require storing user credentials in the custom app (or using a service, Google auth etc.) as well as writing the user profiles into the engine, since it will use them to assign the tasks.

I'm not sure what would be best; I cite:

> Note that HTTP Basic Authentication does not provide encryption and should be secured by an SSL connection.
> The authentication provider is exchangeable. You can implement the interface org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider to provide another authentication method and change the filter's initialization parameter accordingly.

SSL is not a problem, but my concern is: since Camunda in basic auth uses checkPassword on org.camunda.bpm.engine.ProcessEngine, what if I implement something different, such as a token auth? My approach will be to put some custom code in isAuthenticated(…) in a custom implementation of AuthenticationProvider to check my token and bypass checkPassword if the token is valid. I'll invalidate the session and ask for authentication otherwise.

That will still require some kind of "session" database and code to handle it; that's why I'm not sure if I should implement auth in the process engine or keep it outside…
I hope some seasoned developer can warn me about the downsides of maintaining this kind of auth check inside or outside the process engine.

Also, I'm not sure about the usage of the augmentResponseByAuthenticationChallenge method of org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider; how is it used in Camunda?

Thank you for any best practices or opinions on this topic.
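For readers weighing the approach described in the question, here is an added example (not from the original post, nor Camunda's own code) of a token-checking AuthenticationProvider. It targets the `extractAuthenticatedUser`/`AuthenticationResult` form of the interface found in more recent 7.x releases rather than the older `isAuthenticated(...)` the question names; the `javax.servlet` package, the `com.example.auth` package and the in-memory `TOKENS` store are assumptions standing in for the "session" database the question mentions.

```java
package com.example.auth; // hypothetical package name

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;

public class BearerTokenAuthenticationProvider implements AuthenticationProvider {

  // Assumed token store: opaque token -> engine user id. In a real deployment this
  // is the "session" database (or an IdM lookup) rather than a static map.
  static final Map<String, String> TOKENS = new ConcurrentHashMap<>();

  @Override
  public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
    String header = request.getHeader("Authorization");
    if (header == null || !header.startsWith("Bearer ")) {
      return AuthenticationResult.unsuccessful();
    }
    String userId = TOKENS.get(header.substring("Bearer ".length()).trim());
    if (userId == null) {
      // Unknown or expired token: no checkPassword call is made, the filter answers 401.
      return AuthenticationResult.unsuccessful();
    }
    // The token proves possession, but the engine still needs a matching user profile
    // to assign tasks, so refuse tokens for users the engine does not know about.
    if (engine.getIdentityService().createUserQuery().userId(userId).count() == 0) {
      return AuthenticationResult.unsuccessful(userId);
    }
    return AuthenticationResult.successful(userId);
  }

  @Override
  public void augmentResponseByAuthenticationChallenge(HttpServletResponse response, ProcessEngine engine) {
    // The REST authentication filter calls this when extractAuthenticatedUser was
    // unsuccessful, so the 401 response advertises which scheme the client should use.
    response.setHeader("WWW-Authenticate", "Bearer realm=\"" + engine.getName() + "\"");
  }
}
```

The filter's `authentication-provider` init parameter in the REST app's web.xml is then pointed at this class, which is the "change the filter's initialization parameter accordingly" step from the docs.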

Keycloak works well as a reasonable "pluggable" security service. Then, you can attempt discrete access controls on various services. And, using Keycloak (or another IdM) helps centralize identity access - for example, into your primary LDAP provider.