[keycloak-user] HTML5/JS and download URL.

[Jérôme Blanchard]

Hi all,
We have a use case where an HTML5/Angular application is calling a REST
interface using keycloak for authentication SSO. Everything works fine
until we need to download files or preview images (using <img> tag). In
both case, this is the browser which perform the request on the REST url
and, because of a specific XHR authentication putting the bearer token in
the headers, a 'classic' browser request for downloading a file result in
an UNauthenticated request because of unexisting bearer token.

We're minding if there is a best practice to handle this case. We plan to
include a dedicated token as a download request parameter and to check this
particular query paramter programmatically in the /download JAX-RS
operation. What kind of token should have to put in the query and is there
an already existing mechanism to catch such token in jax-rs server-side
operations nor programmatically ?

Thanks a lot for your support and so good work, Best Regards, Jérôme.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141215/834acd4f/attachment.html