Comments (4)
Hi,
In the standard OAuth authentication flow, the entrypoint is the keycloak login page. That's why the wrapper build the login page URL from keycloak server URL and then redirect the user to it. After login, the token management is based on OAuth token/codes returned by keycloak server throw the redirect URL. Do you want to customize the login URL to first redirect the user to your webapp login page and then redirect the user to the keycloak from your login page ?
from angular2-keycloak.
This is the flow I would have love (granted it isn't against the RFCs) :
- Login with username/password in a custom login form
- Use the given credentials to compute the Basic auth tokens
- Rely on the keycloak.json conf to POST a request to the chosen realm
- Handle the response and returned tokens in the keycloak adapter, to continue with the usual flow.
I don't even know if it's allowed, worthy, or in anyway feasible, basically it would be an override of the Keycloak.login()
method, to manage authentication in my context without having to redirect the user.
from angular2-keycloak.
It is also possible to grant tokens with the client/secret (Resource Owner Password Credentials Grant) but you can also to use implicit/hybrid flows. Have a look to the official doc to find the flow you needs. Then, assuming you retrieved the access token / refresh token / identity (throw your login form + direct grant), you may assign them directly to the corresponding keycloak vars (and also update init/login states subjects if you need authz). Then you can adapt the wrapper to handle a new custom adapter wich will redirect the user to your login form (when refresh tokens are expired) instead of redirecting to keycloak login. Notes that the authorization code flow is the more secured flow, so this approach will be less secured.
Feasible but only by changing the core and adding a new adapter. By using the keycloak login and the wrapper out of the box, you will probably save your time (you will also save time for all other user's managements operations like password management, registering, external identity providers, etc)...
from angular2-keycloak.
Thanks for your input, this will help with the Costs/Benefits matrix !
I'll be using the standard flow, easy to use and already proven, for the first implementation and we'll see if it's worthy to change it later.
Thanks for your work & dedication !
from angular2-keycloak.
Related Issues (20)
- Why checkLoginIframe should be marked as false? HOT 6
- forkAndJoin not working HOT 1
- Example App: at-loader errors HOT 2
- Authentication data lost after Keycloak redirects back to the app HOT 4
- How to use environment variables? HOT 2
- Error when compile only Import KeycloakModule v 0.9 inside app.module.ts HOT 2
- Invalid parameter: redirect_uri (v 0.9 ) HOT 3
- After login success parsedToken, isAuthenticated and profile is null or false (v 0.9) HOT 8
- Update for Angular 4.3 HttpClient HOT 2
- error while loading the keycloak.json config HOT 6
- Bug in public updateToken
- No authentication success signals w/ fragment response, standard flow, and iFrame check HOT 1
- Premature Token Expiration
- I need help! HOT 5
- Hi! There is a plan to make angular2-keycloak work on angular 5 with the new module HttpClientModule? Or could you help me to make it work? HOT 2
- Add an observable on authentication errors
- Upgrade to ng 9
- Keycloak is initiated when Http is declared HOT 2
- LogIn in browser not redirect HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular2-keycloak.