[keycloak-dev] WebSocket integration
Juraci Paixão Kröhling
juraci at kroehling.de
Fri Jan 16 11:31:25 EST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
I'm investigating the possibility of protecting a WebSocket endpoint
with Keycloak and I found out that it works out of the box with
cookie-based authentication, meaning, the web page that opens the web
socket client should itself be protected, so that the cookie is sent
on the WebSocket request and authentication is made (confidential).
In my target scenario, however, the web page is a single-page app
(public) talking with a backend (bearer-only) in another host.
So, I'd like to know if there's anything planned on the WebSockets
front for such scenario. For instance, a JavaScript utility that
handles the setup of the socket (either with a custom protocol, or an
initial message with the bearer token, or another alternative) and a
server counterpart for this.
If there isn't yet, I'll probably have some time to explore this.
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUuTzdAAoJEDnJtskdmzLMgSIH/2eGoZSzUcsXL2zs7tyLEAIL
LTHBOY0vlr3KDRIWMcab8ijIAKt5u+JQnb4fJlEEXW1C8+QKNSDJYsfj/HcGnDcg
TM2kzhy4HS9O8CnlRqKEm6FlRKfgV3R/64huFXCRXmIdkxiKGgMQvmhWmlrDFHVy
ZRtaNk3e433LkD4/fYdWIobjdtxZTv4xAglWAgXCAVdXJCy8Sp+yiopU7LNMqb75
mgWk89h8U5nl/J9HuAd8+oZH9qg35lwI1LZOPRRwpyl4td4x1tDR2lQc1SJmS47g
N2ES3jTtGHWMDEfsxDyLIQ6TmC1+r1Yoid51jILqaxlYGWgH/eRtnwny0Qczj+w=
=x0ZO
-----END PGP SIGNATURE-----
More information about the keycloak-dev
mailing list