I have a Keycloak instance in which I created an EventListener (Provider & ProviderFactory) that responds to register events. But now I want this EventListener to call an endpoint in my SpringBoot app which is secured by this Keycloak instance (as client). For this I can simply send an HTTP request from inside the EventListenerProvider. However, I am wondering how I can secure the endpoint so that only this Keycloak event listener can access the endpoint.
Can Keycloak authenticate itself for a client endpoint?
Maybe you guys have an idea.
CodePudding user response:
It's just like other apps that call each other using a token they got from Keycloak. You can define a client for your event listener in the Keycloak realm (or for your Keycloak as a whole in case it may want to call other endpoints in future). Then before making a call to your Spring endpoint, you get a token from Keycloak via the client-id/client-secret (by calling the /token endpoint of your realm) and put it as the Authorization header in your request.
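The flow described in the answer above, as an added example that is not part of the original post: a client-credentials token request followed by the authenticated call. The class name, URLs, realm name, environment variable names, and JSON payload are assumptions, and Jackson is assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

/** Hypothetical helper for an EventListenerProvider; all names and URLs are assumptions. */
public class RegistrationNotifier {
    // Assumed values; older Keycloak versions prefix the path with /auth.
    private static final String TOKEN_URL =
        "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/token";
    private static final String TARGET_URL = "https://app.example.com/internal/user-registered";
    private final HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    private final ObjectMapper json = new ObjectMapper();

    /** Client-credentials grant: exchanges client id/secret for an access token. */
    String fetchAccessToken(String clientId, String clientSecret) throws Exception {
        String form = "grant_type=client_credentials"
            + "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
            + "&client_secret=" + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form))
            .build();
        HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (res.statusCode() != 200) {
            throw new IllegalStateException("Token request failed: HTTP " + res.statusCode());
        }
        JsonNode token = json.readTree(res.body()).path("access_token");
        if (!token.isTextual()) throw new IllegalStateException("No access_token in response");
        return token.asText();
    }

    /** Calls the Spring endpoint with the token as a Bearer credential. */
    int notifyRegistration(String userId) throws Exception {
        // Secret comes from the environment, not from source code (variable names are assumptions).
        String token = fetchAccessToken(System.getenv("LISTENER_CLIENT_ID"),
                                        System.getenv("LISTENER_CLIENT_SECRET"));
        HttpRequest req = HttpRequest.newBuilder(URI.create(TARGET_URL))
            .header("Authorization", "Bearer " + token)
            .header("Content-Type", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(json.createObjectNode().put("userId", userId).toString()))
            .build();
        return http.send(req, HttpResponse.BodyHandlers.ofString()).statusCode();
    }
}
```

A valid token alone only proves the caller is some client or user of the realm. To limit the endpoint to the listener, the Spring side should also require something only this client's service-account token carries, such as a dedicated role or a matching `azp` claim.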