[keycloak-user] Keycloak and AngularJS
n.preusker at gmail.com
Thu Mar 27 10:41:44 EDT 2014
Hi Stian and Bill,
I've posted some questions regarding this topic before but I thought I'd
start a new thread to keep things focused:
I'm writing an AngularJS application with Java EE 6/7 REST (JAX-RS) backend
modules. To add authentication and authorization to this application, I'd
like to use keycloak
* as a user and role management front-end
* to provide a customizable login page (works very well by the way ;)
* as an OAuth 2.0 token provider
* to add user and role information to the HTTPRequests in my REST/ backend
To do this, I'm currently looking at keycloak.js and the customer-app-js
example. However, I'm wondering whether this is really the best way to go.
In a reply to an earlier post of mine you mentioned that the keycloak admin
console is written in AngularJS and that you are using HTTP-only cookies
However, in keycloak.js and the customer-app-js example you are retrieving
the token in the JS app and adding an authorization header with a bearer
token to the HTTP requests.
So here are my questions:
* Is there a reason you are using two different approaches in the admin
console and the official demo app?
* which one of the two approaches (bearer tokens vs. HTTP-only cookie) will
you support/ will be the officially recommended one for HTML5/ client side
* am I right in assuming that you haven't quite decided yet which approach
to use and that you are still discussing this in the keycloak team?
Looking forwards to your reply!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user