[keycloak-user] How to only protect specific paths (SPA)
Marcel van Tongeren
mvtongeren at link2control.nl
Thu Oct 12 03:59:38 EDT 2017
Hi Mehdi Mehdi,
If I'm correct, keycloak.init( {onLoad: 'login-required'}) should only be used for sites that are completely behind authentication/authorization.
Check out other init options here: http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/javascript-adapter.html
To protect only certain paths, you should probably configure the router in your SPA framework by adding some sort of 'authenticate' flag to the private routes.
Then you can probably add an extra authentication step to your pipeline that checks that flag and if it is set, it should fire the keycloak.login() if the user is not authenticated yet.
If it is not set, then the authentication step can skip the login, because it would be a public path.
Good luck!
Marcel
More information about the keycloak-user
mailing list