EugeneSalmin

Reputation: 65

Make Keycloak authentication work with own JWT tokens generation

There's a Keycloak (KC) server in my company, and I'm working on some app. The back-end is Spring Boot 2.6.6, the front-end is AngularJS. When the user presses the 'Log In' button, the user gets redirected to the Keycloak login page and enters credentials. This part is already implemented and working fine.

But then comes the tricky part: I need to return a JWT token to the front-end with some granted authorities, and those authorities will depend on what the application gets from its DB for every particular user. All other endpoints will have @PreAuthorize with the needed authority. So, I can't get the JWT from KC, because KC doesn't know anything about the app's vision of the user's granted authorities.

Can you please help with some ideas on how to achieve this? I'm trying to implement this and am having doubts about the possibility of achieving it. One of the errors I'm getting is:

Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.

Thank you

Upvotes: 1

Views: 1557

Answers (1)

gsan

Reputation: 603

Keycloak is OAuth2 and OpenID Connect (OIDC) protocol compliant, which means you can use the already defined patterns of authorization flows in OAuth2.

OAuth2 has an implementation of step-by-step authorization logic called the Authorization Code Flow, which is one of many, but I believe it is the most suitable one for your use case. The RFC docs of this flow explain it pretty well and you can find them here. You should also look at how Keycloak implementations are done.

Learning and implementing this flow on your project will provide an industry standard solution.

Upvotes: 2
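
One way to meet the requirement in the question, as an added example (not code from either poster): the back-end validates the token Keycloak issued and takes the authorities for `@PreAuthorize` from the application's own database, using a single `SecurityFilterChain` bean. It assumes `spring-boot-starter-oauth2-resource-server` is on the classpath and `spring.security.oauth2.resourceserver.jwt.issuer-uri` points at the Keycloak realm; `UserAuthorityRepository` is a hypothetical interface standing in for the application's DB lookup.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical: returns the application's own authorities for a Keycloak subject ("sub" claim).
interface UserAuthorityRepository {
    Collection<String> findAuthoritiesBySubject(String subject);
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables @PreAuthorize on endpoints
public class SecurityConfig { // does not extend WebSecurityConfigurerAdapter: one style only
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserAuthorityRepository repo) throws Exception {
        http.authorizeRequests(a -> a.anyRequest().authenticated())
            // The resource server verifies signature, expiry and issuer using the
            // keys published by the realm configured in issuer-uri.
            .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(dbAuthorities(repo))));
        return http.build();
    }

    // Role claims in the token are ignored; authorities come only from the app's database,
    // so a change in the DB takes effect on the next request rather than at token expiry.
    static Converter<Jwt, AbstractAuthenticationToken> dbAuthorities(UserAuthorityRepository repo) {
        return jwt -> {
            List<SimpleGrantedAuthority> granted = repo.findAuthoritiesBySubject(jwt.getSubject())
                .stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
            return new JwtAuthenticationToken(jwt, granted);
        };
    }
}
```

With this in place the application never signs tokens itself, so there is no second signing key to protect; the lookup runs on every authenticated request and may need caching.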
