[keycloak-dev] WebSocket integration

Juraci Paixão Kröhling jpkroehling at redhat.com
Fri Jan 16 12:26:29 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/16/2015 05:42 PM, Bill Burke wrote:
> Single page app would work with cookie and server side adapter.  I
> don't know how it would work with javascript.  You'd have to send
> the token with the HTTP Upgrade request.

If the single-page app is deployed on the same host/context, yes. But
if it's deployed on a different host (possibly on a CDN), then it has
to be a public application, not a confidential. So, cookie wouldn't work.

As far as I know, the HTTP Upgrade is handled by the WebSocket
implementation on the browser, so, there's no opportunity to add a
custom header there via JavaScript.

The usual solution is to either use a custom protocol ("sub-protocol"
as per the spec) or to send the token on a first message. As this is a
boiler plate code that would be very similar to all applications being
protected by Keycloak, I was wondering if it wouldn't make sense to
implement this on Keycloak adapters directly.

- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUuUnFAAoJECKM1e+fkPrX9yYH/j/m2dFRCwP017xlDfQ5NaYs
5ieTpFH6MSxvpTWazr1MVigpk4VtBk/rYc6UHbYIOqAuX/6r3XGXwDLsP2g11GhT
GD2NzIylkp5TOVlLY9cwzWlF76APVqixXLRlqjj0OBuDeALQlkQSx1MlHkXi+D9L
z/SOpqkG+tkn7QMIMq14Juw25ro/AfzTjS4TlpblOyWtd2/Xj85T6z2MJHK6tw8j
n29eQTP1BrIx8J+ShPz7jNxh8d6S2R1RqpDccYWYCc6ca5zi1xIEh7fH3DemRp27
/2R+3HYfaEUXyHWCMhs2fLwRW9KN65oWDWWN2KahYaWXxjHx82GsLDT6hFinz/s=
=sjeh
-----END PGP SIGNATURE-----


More information about the keycloak-dev mailing list