2:59 a.m.
Hi Mehdi Mehdi,
If I'm correct, keycloak.init( {onLoad: 'login-required'}) should only be used
for sites that are completely behind authentication/authorization.
Check out other init options here:
http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/javascript-...
To protect only certain paths, you should probably configure the router in your SPA
framework by adding some sort of 'authenticate' flag to the private routes.
Then you can probably add an extra authentication step to your pipeline that checks that
flag and if it is set, it should fire the keycloak.login() if the user is not
authenticated yet.
If it is not set, then the authentication step can skip the login, because it would be a
public path.
Good luck!
Marcel
3:16 a.m.
New subject: How to only protect specific paths (SPA)
On Thu, Oct 12, 2017 at 9:59 AM, Marcel van Tongeren <
mvtongeren(a)link2control.nl> wrote:
Hi Mehdi Mehdi,
If I'm correct, keycloak.init( {onLoad: 'login-required'}) should only be
used for sites that are completely behind authentication/authorization.
Check out other init options here: http://www.keycloak.org/docs/
latest/securing_apps/topics/oidc/javascript-adapter.html
+1 , in your case "check-sso" should do the trick
To protect only certain paths, you should probably configure the router in
your SPA framework by adding some sort of 'authenticate' flag to the
private routes.
Then you can probably add an extra authentication step to your pipeline
that checks that flag and if it is set, it should fire the keycloak.login()
if the user is not authenticated yet.
If it is not set, then the authentication step can skip the login, because
it would be a public path.
Good luck!
Marcel
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3102
days inactive
3102
days old
1 comments
2 participants
participants (2)
-
Marcel van Tongeren -
Sebastien Blanc