Home > Mobile >  Secure Laravel API with keycloak using socialite provider
Secure Laravel API with keycloak using socialite provider

Time:05-20

im using Keycloak for an SSO to authenticate user that already exist in server (keycloak). I used Socialite provider and i can now authenticate user and access their token on Keycloak. But i want now to store this token during the session and verifie in each call for api from vue js that the user is already authenticated.

Route::get('/', function () {
    return Socialite::driver('keycloak')->redirect();
});

Route::get('/callback/keycloak', function (){
    $user = Socialite::driver('keycloak')->user();
    dd($user);
});

User Info from Keycloak

CodePudding user response:

You are implementing server-side processing. Normally with an implementation like this, you would have to create your own session-token and store it in a place that will be reserved for the client (cookie, session, etc.). or you can pay the client to host the javascript. In this case you can also store $user->token.

Another way is to implement keycloak login in vuejs. This is the way I like to use it because it separates the login and authentication process. And the server side doesn't care how the user logs in, as long as there is a valid session-token.

https://www.keycloak.org/securing-apps/vue

https://www.npmjs.com/package/keycloak-js

  • Related