<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 19 November 2015 at 15:48, Ataraxus <span dir="ltr"><<a href="mailto:atx@binaryninja.de" target="_blank">atx@binaryninja.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hey, <br>
<br>
having 2 issues using the keycloak.js correct. <br>
<br>
As for now i deployed my keycloak.json in the WEB-INF folder, but
keycloak.js needs it accessible so i have to put it outside of
WEB-INF. This forces me to have it two times, is this correct?<br></div></blockquote><div><br></div><div>As you're saying you need it twice I assume you have your rest services and html5 pages in the same WAR? If so you need to have two different keycloak.json files. Outside WEB-INF should be for the HTML5 app, which should be a public client. Inside WEB-INF should be for your REST services and should be a bearer-only client. Also, make sure your HTML pages and js-scripts are public (aka doesn't have a security constraint in web.xml).</div><div><br></div><div>IMO though it would be cleaner to split the two into separate WARs.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
If I login to my test site which is essentially the view.html of the
demo-template/customer-app-js example I'm forced to relogin. <br>
This is as far as I can tell due to the keycloak.init({ onLoad:
'login-required' }) "login-required" if i just call keycloak.init(),
keycloak doesnt retrieve a token at all. <br>
How do i use this api correctly?<br></div></blockquote><div><br></div><div>onLoad: login-required doesn't force you to re-login. It forces you to login if you're not already logged-in. If you don't want to force login use keycloak.login() and wire it up to a button or something. Please read the docs at <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#javascript-adapter">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#javascript-adapter</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
Bonus Question: the "myapp/k_query_bearer_token
" return an HTTP 200 but no token. i thought this one could have
been an alternative to keycloak.js<br></div></blockquote><div><br></div><div>If you are doing a HTML5/js app, you want to use keycloak.js that gives you a much better experience. You could set a security-constraint in web.xml for your index.html. Then use server-side login, but you end up with an http session, etc.. Not very elegant.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
Thanks <br>
</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div>