Hi, You could use any OAuth library you like. The idea is: - when an unauthenticated user requests a secured page Wicket should redirect to the login page - that logic page is not managed by Wicket but by your preferred OAuth library - in the callback from the OAuth library you should save the data in your WebSession, e.g. principal, roles, etc. which you should use later for authorization
On Wed, Jan 19, 2022 at 12:39 AM Boris Goldowsky <[email protected]> wrote: > What is the current best practice for allowing users to sign in to a > Wicket application using an OAuth2 provider (eg Google account, Twitter, > Canvas, etc). > > * Is Apache Shiro a possibility? Looks like it’s got some Wicket > integration, but OAuth2 is listed as “coming”. > * PicketLink? > * Something from https://oauth.net/code/java/ ? > > Anyone with a working implementation care to give some pointers? > > Looks like there may have been some discussion of this 10 years ago on > this list, but not more recently that I can find. > > Thank you! > > Boris > >
