[keycloak-user] keycloak.js correct usage

Stian Thorgersen sthorger at redhat.com
Mon Nov 23 04:24:35 EST 2015


On 19 November 2015 at 15:48, Ataraxus <atx at binaryninja.de> wrote:

> Hey,
>
> having 2 issues using the keycloak.js correct.
>
> As for now i deployed my keycloak.json in the WEB-INF folder, but
> keycloak.js needs it accessible so i have to put it outside of WEB-INF.
> This forces me to have it two times, is this correct?
>

As you're saying you need it twice I assume you have your rest services and
html5 pages in the same WAR? If so you need to have two different
keycloak.json files. Outside WEB-INF should be for the HTML5 app, which
should be a public client. Inside WEB-INF should be for your REST services
and should be a bearer-only client. Also, make sure your HTML pages and
js-scripts are public (aka doesn't have a security constraint in web.xml).

IMO though it would be cleaner to split the two into separate WARs.


>
> If I login to my test site which is essentially the view.html of the
> demo-template/customer-app-js example I'm forced to relogin.
> This is as far as I can tell due to the keycloak.init({ onLoad:
> 'login-required' }) "login-required" if i just call keycloak.init(),
> keycloak doesnt retrieve a token at all.
> How do i use this api correctly?
>

onLoad: login-required doesn't force you to re-login. It forces you to
login if you're not already logged-in. If you don't want to force login use
keycloak.login() and wire it up to a button or something. Please read the
docs at
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#javascript-adapter


>
> Bonus Question: the "myapp/k_query_bearer_token " return an HTTP 200 but
> no token. i thought this one could have been an alternative to keycloak.js
>

If you are doing a HTML5/js app, you want to use keycloak.js that gives you
a much better experience. You could set a security-constraint in web.xml
for your index.html. Then use server-side login, but you end up with an
http session, etc.. Not very elegant.


>
> Thanks
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/cb9dd7fb/attachment.html 


More information about the keycloak-user mailing list