How do I design my authenticated requests and my frontend

Time:10-15

I am currently working on a project where my backend uses Spring Boot, Spring Security Keycloak and runs on localhost:8081.

My frontend (Svelte) runs on http://127.0.0.1:5173/ and the URL http://127.0.0.1:5173/products needs to access data from localhost:8081/products (which needs a login), but the login page from Keycloak doesn't appear.

In other words, what I am trying to achieve: I want the URL http://127.0.0.1:5173/products to redirect to localhost:8081/products, which redirects to the Keycloak login page, and after a successful login I want to return to http://127.0.0.1:5173/products, where I will be able to see the data.

Is there an elegant solution to this problem? I'm really stuck on this problem and this is one of my first projects.

Thanks in advance!!

CodePudding user response:

Some OAuth2 wording:

  • Keycloak is an authorization-server (OIDC compliant)
  • Svelte app is a client
  • Spring REST API is a resource-server

Ensure that a "public" client is declared in Keycloak.

Configure your Svelte client with an existing OIDC lib (component) of your choice to:

  • use the "public" client declared in Keycloak
  • authenticate users against Keycloak (socket is not the same as Spring API)
  • add an authorization header with a JWT access-token retrieved from Keycloak (when issuing requests to your secured REST endpoints)

Configure Spring API as a secured resource-server with a JWT decoder.

You can refer to this article for configuring Keycloak and resource-server with JWT access-tokens.
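
The client-side part of the answer above, sketched as an added example (not code from the original answer or from any particular OIDC library). The origins come from the question; `auth.getAccessToken` and `auth.login` are hypothetical adapter names for whatever the chosen OIDC library exposes.

```javascript
// Origins taken from the question; adjust for your deployment.
const API_ORIGIN = "http://localhost:8081";
const PAGE_ORIGIN = "http://127.0.0.1:5173";

// Decide which headers a request gets. The bearer token is attached only
// when the target resolves to the API origin, so it is never sent to other
// hosts (or to the Svelte dev server itself) by accident.
function withBearer(url, init = {}, token, pageOrigin = PAGE_ORIGIN) {
  const target = new URL(url, pageOrigin); // resolves relative URLs
  const headers = { ...(init.headers || {}) };
  if (token && target.origin === API_ORIGIN) {
    headers.Authorization = `Bearer ${token}`;
  }
  return { url: target.href, init: { ...init, headers } };
}

// auth (hypothetical adapter around the OIDC library):
//   getAccessToken(): Promise<string|null>, refreshing the token if needed
//   login(returnTo): starts the redirect to Keycloak and comes back to returnTo
function createApiFetch(auth, fetchImpl = globalThis.fetch,
                        currentUrl = () => window.location.href) {
  return async function apiFetch(url, init) {
    const token = await auth.getAccessToken();
    if (!token) {
      auth.login(currentUrl()); // not logged in yet: go to Keycloak first
      return null;
    }
    const req = withBearer(url, init, token);
    const res = await fetchImpl(req.url, req.init);
    // A resource server answers 401 instead of redirecting to a login page,
    // so the client is the one that restarts the login flow.
    if (res.status === 401) {
      auth.login(currentUrl());
      return null;
    }
    return res;
  };
}
```

On the `/products` page this would be called as `apiFetch("http://localhost:8081/products")`; the Spring API also has to allow CORS requests from `http://127.0.0.1:5173` for the browser to send them.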
