8:54 a.m.
Hello everyone and thank you for sharing keycloak with the community.
I'm trying to use keycloak on my SPA (single page application with javascript in both
front & back ends).
I only want to password protect specific paths and not all paths. The problem is that once
I do require login
keycloak.init( {onLoad: 'login-required'})...
on some "sensitive path" all the other paths become protected. I suspected that
would happen because I did not find a function to suspend "requiring a login".
Indeed, I did test this by going to the keycloak admin page and logged out the user (who
was by then on a public/not-protected path). On my SPA the user got kikked out asking her
for a password through keycloak even though she was on a 'public path'.
In short, is there a way to instruct keycloak not to require a login.
BTW, I'm only using keycloak on the front end right now.. Need to make it work before
also using it on my API (back end).
Thank you in advance for your feedback.
7:13 a.m.
Can't you "compute" value of the onLoad attribute based on the current
path? I maybe not understand your usecase properly, so maybe not the
best solution, just guessing...
Marek
On 09/10/17 15:54, Mehdi Mehdi wrote:
Hello everyone and thank you for sharing keycloak with the
community.
I'm trying to use keycloak on my SPA (single page application with javascript in both
front & back ends).
I only want to password protect specific paths and not all paths. The problem is that
once I do require login
keycloak.init( {onLoad: 'login-required'})...
on some "sensitive path" all the other paths become protected. I suspected that
would happen because I did not find a function to suspend "requiring a login".
Indeed, I did test this by going to the keycloak admin page and logged out the user (who
was by then on a public/not-protected path). On my SPA the user got kikked out asking her
for a password through keycloak even though she was on a 'public path'.
In short, is there a way to instruct keycloak not to require a login.
BTW, I'm only using keycloak on the front end right now.. Need to make it work before
also using it on my API (back end).
Thank you in advance for your feedback.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:04 a.m.
Thanks for your reply Marek,
My problem is that after the user is logged in on path /#private and then after a while
moves back to a public path /#public (meaning not requiring it to be logged in) . If the
user is logged out (from the admin panel or simply due to timeout) that user would be
required to go back and log in even though she 's on /#public.
Since it's an SPA, Keycloak would always try to make sure the user is logged in and I
did not find a way to stop keycloak from requiring that log in if I detect the user does
not need login.
It seems that once I invoke Keycloak.init().... I can no longer stop keycloak from
enforcing the authentication!
Thanks again, I hope I can find a solution. Been looking into the keycloak.js code to see
if I can stop it but there's no clear way on how to do it. I could go and try to
"hijack" 'isTokenExpired function' to make sure it always returns false
if the user is on public path but I'm not sure it covers all scenarios since I do not
know how keycloak works. The whole point for using Keycloak is not to spend time on this
front in the first place .. and poking around with the keycloak.js code would be a hack
anyway.
Cheers~
________________________________
De : Marek Posolda <mposolda(a)redhat.com>
Envoyé : mardi 10 octobre 2017 12:13:00
À : Mehdi Mehdi; keycloak-user(a)lists.jboss.org
Objet : Re: [keycloak-user] How to only protect specific paths (SPA)
Can't you "compute" value of the onLoad attribute based on the current
path? I maybe not understand your usecase properly, so maybe not the
best solution, just guessing...
Marek
On 09/10/17 15:54, Mehdi Mehdi wrote:
Hello everyone and thank you for sharing keycloak with the
community.
I'm trying to use keycloak on my SPA (single page application with javascript in both
front & back ends).
I only want to password protect specific paths and not all paths. The problem is that
once I do require login
keycloak.init( {onLoad: 'login-required'})...
on some "sensitive path" all the other paths become protected. I suspected that
would happen because I did not find a function to suspend "requiring a login".
Indeed, I did test this by going to the keycloak admin page and logged out the user (who
was by then on a public/not-protected path). On my SPA the user got kikked out asking her
for a password through keycloak even though she was on a 'public path'.
In short, is there a way to instruct keycloak not to require a login.
BTW, I'm only using keycloak on the front end right now.. Need to make it work before
also using it on my API (back end).
Thank you in advance for your feedback.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3119
days inactive
3122
days old
2 comments
2 participants
participants (2)
-
Marek Posolda -
Mehdi Mehdi