[keycloak-user] HTML5/JS and download URL.
jayblanc at gmail.com
Mon Dec 15 09:13:06 EST 2014
We have a use case where an HTML5/Angular application is calling a REST
interface using keycloak for authentication SSO. Everything works fine
until we need to download files or preview images (using <img> tag). In
both case, this is the browser which perform the request on the REST url
and, because of a specific XHR authentication putting the bearer token in
the headers, a 'classic' browser request for downloading a file result in
an UNauthenticated request because of unexisting bearer token.
We're minding if there is a best practice to handle this case. We plan to
include a dedicated token as a download request parameter and to check this
particular query paramter programmatically in the /download JAX-RS
operation. What kind of token should have to put in the query and is there
an already existing mechanism to catch such token in jax-rs server-side
operations nor programmatically ?
Thanks a lot for your support and so good work, Best Regards, Jérôme.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user