In the example, the angular is bootstrapped after the keycloak
authentication is properly finished. It's also because keycloak
authentication requires redirection of browser to KC and then
redirecting back to the app. Theoretically you can combine it that
keycloak authentication flow is called just when user visits some
"secured" URL of your app, but still after redirecting from KC login
screen back to the app, it will be better if angular is bootstrapped
after keycloak authentication is finished (so in the "success" callback
from keycloak.init call as it's done in the example).
Also note that there is no authorization in the JS application itself.
The secured part are rest endpoints, which are secured by Bearer token
obtained from the authentication of JS application. This is done in
authInterceptor, which adds the bearer token to REST requests.
On 5.2.2015 18:39, Jorge Dario Arias Lopez wrote:
Hi I'm developing a web page in angular with keycloak for
I followed this example
and it works pretty well.
Now I want to secure only part of my application. Is there any way to
achieve this behavior.
Thanks in advance
keycloak-dev mailing list