Azamat

Reputation: 3

Spring Boot 3 and Keycloak

I just want to add authorization with Keycloak to my Spring Cloud Gateway. I am using Spring Boot 3. Is it a good idea to create a custom controller like "/auth/login", so that when a request is sent, my service POSTs the username and password from the request to "https://keycloak.some.project.com/auth/realms/aifc-portal/protocol/openid-connect/token" with RestTemplate and gets a token? Also related: what if I do "/auth/signup" and send the request parameters with POST to Keycloak with RestTemplate?

Upvotes: 0

Views: 649

Answers (1)

ch4mp

Reputation: 12754

> Is it a good idea to create a custom controller like "/auth/login", so that when a request is sent, my service POSTs the username and password from the request

No. Your application should not collect users' credentials; this is not how OAuth2 works. Your authorization server should already have all that is needed for registration and login.

If your frontend is rendered on the server (Thymeleaf, JSF, ...) then configure it as a "confidential" OAuth2 client with oauth2Login and keep the gateway transparent to OAuth2 (nothing about security on it).

If your frontend is a SPA (Angular, React, Vue, ...), then consider applying the BFF pattern with the Gateway configured as a "confidential" client with oauth2Login and also with the TokenRelay filter. I wrote a tutorial for this on Baeldung.

Upvotes: 0
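
A sketch of the gateway-as-BFF setup the answer describes, added here as an example (it is not from the answer or the linked tutorial). It assumes `spring-cloud-starter-gateway` and `spring-boot-starter-oauth2-client` are on the classpath; the client id, the secret variable, the route id and the backend URI are hypothetical, and the issuer is derived from the token endpoint quoted in the question.

```yaml
# application.yml for the gateway (added example; values marked hypothetical are assumptions)
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            # Realm issuer, taken from the token endpoint URL in the question.
            # Endpoints (authorization, token, JWKS) are discovered from it.
            issuer-uri: https://keycloak.some.project.com/auth/realms/aifc-portal
        registration:
          keycloak:
            provider: keycloak
            # Hypothetical client, declared in Keycloak with client authentication
            # enabled (a "confidential" client).
            client-id: gateway-bff
            # Hypothetical variable name; inject the secret from the environment
            # or a secret store instead of committing it.
            client-secret: ${KEYCLOAK_CLIENT_SECRET}
            # The user authenticates on Keycloak's pages; the gateway only
            # receives an authorization code and exchanges it for tokens.
            authorization-grant-type: authorization_code
            scope: openid
  cloud:
    gateway:
      # Note: recent Spring Cloud Gateway releases also accept these keys
      # under spring.cloud.gateway.server.webflux.
      default-filters:
        # Adds the logged-in user's access token as a Bearer header on the
        # request forwarded downstream; the browser only holds a session cookie.
        - TokenRelay=
      routes:
        - id: api                        # hypothetical route id
          uri: http://localhost:8081     # hypothetical resource server
          predicates:
            - Path=/api/**
```

With this in place, login and registration happen on Keycloak's own pages after a redirect, so the gateway needs no "/auth/login" or "/auth/signup" controller and never sees a password.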
