Re: [keycloak-user] How to only protect specific paths (SPA)

Thursday, 12 October 2017

Hi Mehdi Mehdi,

If I'm correct, keycloak.init( {onLoad: 'login-required'}) should only be used
for sites that are completely behind authentication/authorization.
Check out other init options here:
http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/javascript-...

To protect only certain paths, you should probably configure the router in your SPA
framework by adding some sort of 'authenticate' flag to the private routes.
Then you can probably add an extra authentication step to your pipeline that checks that
flag and if it is set, it should fire the keycloak.login() if the user is not
authenticated yet.
If it is not set, then the authentication step can skip the login, because it would be a
public path.

Good luck!
Marcel

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] How to only protect specific paths (SPA)