Add JWT-based "Remember Me" Authentication Option to Vaadin App Creator #7440

Open
LiveNathan opened this issue Mar 17, 2025 · 1 comment
@LiveNathan

Describe your motivation

When creating new Vaadin applications, I find myself repeatedly implementing the JWT-based "Remember Me" authentication functionality as described in Vaadin's blog post JWT authentication with Vaadin Flow. This pattern has become a standard practice in my projects due to the improved user experience it provides, allowing users to stay logged in between sessions without compromising security.

Currently, this functionality needs to be manually implemented in each new project, which requires additional development time and introduces the possibility of inconsistent implementations. Since this is a well-documented pattern that Vaadin themselves recommend, it would be beneficial to have it available as a built-in option when creating new projects through the start.vaadin.com app creator.

Describe the solution you'd like

I propose adding a "Remember Me Authentication" checkbox option to the project configuration screen at start.vaadin.com. This would work as follows:

  1. On the final configuration screen before project download, add a new checkbox option in the security section labeled "Include JWT Remember Me Authentication"
  2. When selected, the generated project would include:
    • The necessary JWT token handling classes
    • Cookie-based token storage implementation
    • Pre-configured security settings for token validation
    • The "Remember Me" checkbox in the login form. (optional, I never actually do this)
    • Basic configuration properties in application.properties for JWT secret and token expiration

This implementation would follow the pattern described in Vaadin's blog post about JWT authentication with Vaadin Flow, ensuring that developers can immediately leverage this functionality without having to manually implement it.

The option could be enabled by default when a user selects authentication in their project, or it could be presented as an additional opt-in feature. Either way, including this commonly-used pattern would save development time and promote consistent implementation of authentication best practices across Vaadin projects.

Describe alternatives you've considered

copy/paste from old projects

Additional context

No response
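
A sketch of the security configuration the proposal would have generated, added here as an example; it is not code from this issue or from Vaadin's app creator. It assumes Vaadin's `VaadinWebSecurity` base class with `spring-security-oauth2-jose` on the classpath; the package, the `jwt.auth.*` property names, the issuer string and `LoginView` are placeholders.

```java
package com.example.application.security; // hypothetical package

import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;

import com.vaadin.flow.spring.security.VaadinWebSecurity;

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends VaadinWebSecurity {

    // Assumed property name. Supply the value from the environment or a
    // secret store rather than a committed application.properties.
    @Value("${jwt.auth.secret}")
    private String authSecret; // Base64-encoded HMAC key

    // Assumed property name. The lifetime bounds how long a copied cookie
    // stays valid, since a stateless token is not tracked server-side.
    @Value("${jwt.auth.expires-in-seconds:1800}")
    private long expiresInSeconds;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        // LoginView is the application's own login route, assumed to be in this package.
        setLoginView(http, LoginView.class);

        byte[] key = Base64.getDecoder().decode(authSecret);
        // HS256 requires a key of at least 256 bits (RFC 7518, section 3.2),
        // so refuse to start with a shorter one.
        if (key.length < 32) {
            throw new IllegalStateException(
                    "jwt.auth.secret must decode to at least 32 bytes");
        }
        SecretKey secretKey = new SecretKeySpec(key, JwsAlgorithms.HS256);

        // Replaces session-based authentication with a signed JWT carried in cookies.
        setStatelessAuthentication(http, secretKey,
                "com.example.application", expiresInSeconds);
    }
}
```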

@mstahv
Member

mstahv commented May 7, 2025

IMO authentication-related defaults in the platform (and generated project stubs) should be re-thought in other areas as well. E.g. remove username-password legacy and use passkeys only as the new default or move to rely on third party authorisation with OAuth2.

Related to this, I just checked with one of my demo apps that is Spring Boot based (using Passkeys with Spring Security, without separate authorisation server), the good old recipe seems to drop just fine for that setup as well. I was about to get tired putting my fingerprint on the Mac keyboard while developing, and then your ticket reminded me that Vaadin development doesn't have to be this frustrating 😅
