Single page app would work with cookie and server side adapter. I don't
know how it would work with javascript. You'd have to send the token
with the HTTP Upgrade request.
On 1/16/2015 11:31 AM, Juraci Paixão Kröhling wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
I'm investigating the possibility of protecting a WebSocket endpoint
with Keycloak and I found out that it works out of the box with
cookie-based authentication, meaning, the web page that opens the web
socket client should itself be protected, so that the cookie is sent
on the WebSocket request and authentication is made (confidential).
In my target scenario, however, the web page is a single-page app
(public) talking with a backend (bearer-only) in another host.
So, I'd like to know if there's anything planned on the WebSockets
front for such scenario. For instance, a JavaScript utility that
handles the setup of the socket (either with a custom protocol, or an
initial message with the bearer token, or another alternative) and a
server counterpart for this.
If there isn't yet, I'll probably have some time to explore this.
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUuTzdAAoJEDnJtskdmzLMgSIH/2eGoZSzUcsXL2zs7tyLEAIL
LTHBOY0vlr3KDRIWMcab8ijIAKt5u+JQnb4fJlEEXW1C8+QKNSDJYsfj/HcGnDcg
TM2kzhy4HS9O8CnlRqKEm6FlRKfgV3R/64huFXCRXmIdkxiKGgMQvmhWmlrDFHVy
ZRtaNk3e433LkD4/fYdWIobjdtxZTv4xAglWAgXCAVdXJCy8Sp+yiopU7LNMqb75
mgWk89h8U5nl/J9HuAd8+oZH9qg35lwI1LZOPRRwpyl4td4x1tDR2lQc1SJmS47g
N2ES3jTtGHWMDEfsxDyLIQ6TmC1+r1Yoid51jILqaxlYGWgH/eRtnwny0Qczj+w=
=x0ZO
-----END PGP SIGNATURE-----
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev