We are beginning the migration of our Connect app to the Forge platform and have implemented the first step in the process.
In our Forge app:
- We are using a custom UI.
- We invoke the Forge resolver using `@forge/bridge`’s `invoke()` method.
- Inside the resolver, we call our existing Connect app APIs using `@forge/api`’s `invokeRemote()`.
On the Connect (Java-based) side:
- We have annotated the target REST API methods with `@ForgeRemote(associateConnect = true)`.
- All required configurations have been added in the `manifest.yml`.
With this setup, everything is working as expected:
- The request reaches our Connect app API successfully.
- The API executes correctly.
- Within the REST API, we are able to retrieve the user using `authenticationContext.getUser()`.
The issue:
We have a Java Servlet Filter in our Connect app where we perform additional validations—such as checking the user’s role in our database—before allowing the request to proceed.
However, when the request comes from the Forge app via `invokeRemote`, inside the servlet filter, `authenticationContext.getUser()` returns `null`.
(Note: This works fine when the same API is called via Insight REST APIs or browser.)
Questions:
- What additional configuration or setup is needed so that `authenticationContext.getUser()` is available in the servlet filter when the call comes from Forge via `invokeRemote()`?
- Or, is there a recommended alternate approach to handle authentication and authorization in this kind of Forge-to-Connect communication?
- Is it expected that the user context is only available inside the API method annotated with `@ForgeRemote`, and not outside (e.g., in filters)?
- Can we manually extract the user context from headers or JWT if needed inside the filter? If yes, how?