Re: [keycloak-user] Redirect to keycloak only for certain content-types

Hi, Yes, it can be done with nginx, but I still hope this could be accomplished natively :) The general idea is this: a) if browser asks for "text/html" => act as confidential/public client, that is start keycloak login protocol b) if browser asks for "application/json” => act as bearer only client, and in case of authorization error, respond with proper 40x status This would let me build an ‘isomorphic’ JavaScript application ( http://isomorphic.net) With keycloak-1.5.0 I see that there is no difference whether I accept text/html or application/json: tair$ curl -v -H 'Accept: text/html' http://localhost:9080/hello-world/rest/something * Trying ::1... * connect to ::1 port 9080 failed: Connection refused * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 9080 (#0) > GET /hello-world/rest/something HTTP/1.1 > Host: localhost:9080 > User-Agent: curl/7.43.0 > Accept: text/html > < HTTP/1.1 302 Found < Expires: 0 < Cache-Control: no-cache, no-store, must-revalidate < X-Powered-By: Undertow/1 < Set-Cookie: OAuth_Token_Request_State=72/c51bad76-7236-486e-aae6-9ec58c725666 < Server: WildFly/9 < Pragma: no-cache < Location: http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo... < Date: Fri, 02 Oct 2015 15:53:32 GMT < Connection: keep-alive < Content-Length: 0 < * Connection #0 to host localhost left intact tair$ curl -v -H 'Accept: application/json' http://localhost:9080/hello-world/rest/something * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 9080 (#0) > GET /hello-world/rest/something HTTP/1.1 > Host: localhost:9080 > User-Agent: curl/7.43.0 > Accept: application/json > < HTTP/1.1 302 Found < Expires: 0 < Cache-Control: no-cache, no-store, must-revalidate < X-Powered-By: Undertow/1 < Set-Cookie: OAuth_Token_Request_State=73/a8f13860-a35c-455a-9963-434c17e00a65 < Server: WildFly/9 < Pragma: no-cache < Location: http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo... < Date: Fri, 02 Oct 2015 15:53:41 GMT < Connection: keep-alive < Content-Length: 0 < * Connection #0 to host localhost left intact Any workarounds there? -- Tair Sabirgaliev Bee Software, LLP On October 2, 2015 at 20:54:01, Giriraj Sharma (giriraj.sharma27(a)gmail.com (mailto:giriraj.sharma27@gmail.com)) wrote: > Hi, > > One possible way is to put nginx as a reverse proxy in between browser and Keycloak server instance. You can dig around using $content_type embedded variable of nginx ngx_http_core_module or may be nginx_rewrite module and a simple tweak (may be an if statement in nginx server/location block config) will help you in achieving the required. Based on the value of content-type header, you can proxy-pass the requests to a different upstream server via nginx. > > Cheers, > > > On Fri, Oct 2, 2015 at 2:19 PM, Tair Sabirgaliev wrote: > > > > Hi, > > > > Is it possible to setup login redirection only for certain content types? > > I want to redirect only when the browser asks for text/html. For other types > > either 40x or Authorization challenge. > > > > -- > > Tair Sabirgaliev > > Bee Software, LLP > > > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user@lists.jboss.org(mailto:keycloak-user@lists.jboss.org) > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > -- > > Giriraj Sharma > about.me/girirajsharma > > > > > > > > > > > > > > > Giriraj Sharma, > Department of Computer Science > National Institute of Technology Hamirpur > Himachal Pradesh, India 177005 _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user