<div dir="ltr"><pre style="color:rgb(0,0,0)">Hi Bill,
<span style="font-family:arial">it's a mixed approach, maybe this is confusing you.</span></pre><pre style="color:rgb(0,0,0)">> I don't understand what the flow is below. In your flow above you said
> your server is making a call to the backend service with the token and
> is authenticated correctly, right?</pre><pre style="color:rgb(0,0,0)">My frontend is a WAR running on Tomcat and i<span style="font-family:arial">t is secured by keycloak.</span></pre><pre style="color:rgb(0,0,0)"><span style="font-family:arial">> What I don't understand is what you are doing below. Are you saying you
</span><span style="font-family:arial">> have a Browser client (Javascript) making a call to your backend?</span></pre><pre style="color:rgb(0,0,0)">The WAR serves also an AngularJS dashboard, in this dashboard I "inject" the token from the server but then I make client side calls.</pre>
<pre style="color:rgb(0,0,0)">The flow is:</pre><pre style="color:rgb(0,0,0)">1- The user call http://.../dashboard</pre><pre style="color:rgb(0,0,0)">2- TheĀ <span style="font-family:arial">frontend </span><span style="font-family:arial">server redirects to the keycloak login</span></pre>
<pre style="color:rgb(0,0,0)">3- Keycloak authenticates the user and redirects to frontend <span style="font-family:arial">server</span></pre><pre style="color:rgb(0,0,0)">4- The frontend server serves the AngularJS dashboard injecting the token</pre>
<pre style="color:rgb(0,0,0)">5- The client side dashboard makes ajax calls to the backend to load data</pre><pre style="color:rgb(0,0,0)">At point 5 I see my backend is logging that the call is AUTHENTICATED but on client side I see the response is failing.</pre>
<pre style="color:rgb(0,0,0)"><br></pre><div><div>--</div>Davide</div>
</div>