[keycloak-user] Keycloak and AngularJS

Nils Preusker n.preusker at gmail.com
Thu Mar 27 10:41:44 EDT 2014

Hi Stian and Bill,

I've posted some questions regarding this topic before but I thought I'd
start a new thread to keep things focused:

I'm writing an AngularJS application with Java EE 6/7 REST (JAX-RS) backend
modules. To add authentication and authorization to this application, I'd
like to use keycloak

* as a user and role management front-end
* to provide a customizable login page (works very well by the way ;)
* as an OAuth 2.0 token provider
* to add user and role information to the HTTPRequests in my REST/ backend

To do this, I'm currently looking at keycloak.js and the customer-app-js
example. However, I'm wondering whether this is really the best way to go.
In a reply to an earlier post of mine you mentioned that the keycloak admin
console is written in AngularJS and that you are using HTTP-only cookies

However, in keycloak.js and the customer-app-js example you are retrieving
the token in the JS app and adding an authorization header with a bearer
token to the HTTP requests.

So here are my questions:

* Is there a reason you are using two different approaches in the admin
console and the official demo app?
* which one of the two approaches (bearer tokens vs. HTTP-only cookie) will
you support/ will be the officially recommended one for HTML5/ client side
JavaScript applications in keycloak?
* am I right in assuming that you haven't quite decided yet which approach
to use and that you are still discussing this in the keycloak team?

Looking forwards to your reply!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140327/e963ca92/attachment-0001.html 

More information about the keycloak-user mailing list