Reputation: 1221
How to implement JWT with Keycloak in Spring boot microservice acrhitecture?
I have read some articles for Keycloak spring implementation (eg: easily-secure-your-spring-boot-applications-with-keycloak) but no one mention how to use with JWT.
I have created zuul api gateway and add Keycloak adapter as described in the previously linked article. That's ok, but I want to use JWT with keycloak.
Mentioned elsewhere set the client access type to bearer-only and the session strategy to NullAuthenticatedSessionStrategy. That's enough or need something else for JWT?
So my questions:
- How do I configure client on Keycloak admin for JWT?
- How do I configure Keycloak in backend config file for JWT?
- How do I configure Keycloak adapter for JWT?
- How do I pass user info to microservice? Create filter in gateway? But how I get user info from request?
Upvotes: 3
Views: 2386
Answers (1)
Reputation: 3059
Keycloak access token is a JWT. It is a JSON and each field in that JSON is called a claim. By default, logged in username is returned in a claim named “preferred_username” in access token. Spring Security OAuth2 Resource Server expects username in a claim named “user_name”. So, you need to create mapper to map logged in username to a new claim named user_name.
In order to provide access to client (micro-service), respective role needs to be assigned/mapped to user.
In your spring boot application, then you need to configure connection to keycloak server, providing, auth url, token url, scope, grant-type, client-id and client-secret.
Afterthat, your app be able to parse JWT token, you need to create some JwtAccessTokenCustomizer. This class should extend DefaultAccessTokenConverter and implement JwtAccessTokenConverterConfigurer classes. The main logic lays in public OAuth2Authentication extractAuthentication(Map<String, ?> tokenMap) method.
Then you need to configure OAuth2 Resource Server to provide access for other micro services. For that you define here - Oauth2RestTemplate Bean.
And in the end, secure your REST API, via the standard configuration Component.
So, you can see that, it is a large work, and couldn't be described with code, show some of your work, divide it to the chunk, and ask interesting your questions.
Upvotes: 4
Related Questions
- How to use Keycloak token between Microservices?
- Handling authentication of microservice at Gateway service in Spring boot
- Spring/spring boot authorisation using JWT tokens
- How to add Jwt Token based security In Microservices
- Microservice authentication with Keycloak
- Adding JWT to Spring Boot Microservices
- Microservice Authentication and Authorization using JWT
- Securing Spring Boot service with keycloak - JWT token
- How to Setup Keycloak + Spring Boot + Oauth2 within Microservice Architecture
- how to fetch JWT tokens from keycloak API in a springboot application