<div dir="ltr">Hello,<div><br></div><div>We have an application that is protected using Keycloak and a user can
access this application through a web front. After login the user can
use the functionality of the application. The application is also
exposed through REST API's and is protected via keycloak as part of the
application and accessible only after login into the main application.<br><br>We
have a </div><div><br></div><div>(Step 1) Javascript application (retrieving data from) -> </div><div><br></div><div>(Step 2) Business Application exposed as REST API (REST API has to make
calls to backend Application mentioned above) -> </div><div><br></div><div>(Step 3) BackEnd
Application Server + REST API.<br><br>Directly accessing the BackEnd
Application Server works fine but when we need to call the REST API from
another REST service which is authenticated via Keycloak we have
issues.<br><br>We used the existing sample to try and do a POC but not
sure what is the best approach to solve this issue. The part from (Step
1) to (Step 2) works and the REST API is protected using BEARER token.
The (Step 2) to (Step 3) is a problem as in (Step 2) we only have the
BEARER token and the BackEnd Application is protected using the full
keycloak configuration. So The BackEnd Application service is not
authenticating by sending in only the BEARER token in the header which
is a full keycloak installation (work as only a web service).<br></div><div><br></div><div>Thanks</div><div>Sam</div></div>