Mathieu BODIN

Reputation: 11

How to access the JHipster API when authentication is managed by Keycloak

I've built a JHipster application with oauth2 authentication. The latter is implemented by Keycloak through the generated docker-compose file.

Everything works fine in the browser for "human" users. But I need to make some external programs use the API while being authenticated.

So I started to simulate direct access to API with Postman. I read about XSRF-TOKEN cookie. But to be frank, I don't understand the process of authentication.

Can anyone explain how to perform authenticated requests to the JHipster API regarding Keycloak?

Maybe it isn't the appropriate approach: I also read about implementing a Configuration based on another authentication mechanism, that should be used for controllers exposed on a different endpoint.

Any help figuring out all of that would be really appreciated!

Upvotes: 0

Views: 1475

Answers (2)

Mathieu BODIN

Reputation: 11

I got it working: Jan's tip showed me the way.

Mainly I followed this tutorial.

The solution would be to add a client configured with Standard flow, Service account and Authorization enabled. Then I added the JHipster client scope provided by the generated docker-compose setup.

Once that was configured, I configured the request to use the OAuth2 authentication. I filled in the configuration form for the token request according to the tutorial. And I was good to go!

Many thanks!

Upvotes: 1

Jan Garaj

Reputation: 28626

You need machine-to-machine authentication. Generally OpenID Connect (OIDC) offers the client credentials flow for this case. So in theory you just enable it in the Keycloak client configuration and you may use it. But it depends on your API auth implementation. Your API very likely uses a different OIDC flow for humans and it may not be ready for the client credentials flow.

Upvotes: 1
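The client credentials flow that both answers point to, written out as an added example (not code from either poster or from JHipster): an external program gets a token from Keycloak's token endpoint with its own client id and secret, then sends it as a Bearer header. The base URL, realm name, API path and environment variable names are assumptions for a local setup, and the API is assumed to accept bearer tokens.

```python
import json, os, time, urllib.parse, urllib.request
from base64 import b64encode

# Placeholders for a local dev setup (assumptions, not values from the posts).
# On older Keycloak releases the base URL also carries an "/auth" prefix.
KEYCLOAK_BASE = "http://localhost:9080"
REALM = "jhipster"
API_URL = "http://localhost:8080/api/example"  # hypothetical endpoint

def token_endpoint(base, realm):
    realm = urllib.parse.quote(realm, safe="")
    return f"{base.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"

def build_token_request(base, realm, client_id, client_secret):
    """Client credentials grant; the client authenticates with HTTP Basic."""
    basic = b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        token_endpoint(base, realm), data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Return (access_token, expiry_epoch); refuse anything but a bearer token."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("token endpoint did not return a bearer access token")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc.get("expires_in", 0))

def build_api_request(url, access_token):
    """No session cookie or XSRF-TOKEN here: the token travels in the header."""
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}", "Accept": "application/json"})

def call_api(client_id, client_secret):
    req = build_token_request(KEYCLOAK_BASE, REALM, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        token, _expiry = parse_token_response(resp.read())
    with urllib.request.urlopen(build_api_request(API_URL, token), timeout=10) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    # The secret comes from the environment (variable names are assumptions).
    print(call_api(os.environ["KC_CLIENT_ID"], os.environ["KC_CLIENT_SECRET"]))
```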
