[keycloak-user] Keycloak AJAX authentication flow

Bartosz Andrzejczak ba.andrzejczak at gmail.com
Wed Feb 21 14:42:35 EST 2018


Hi Moritz,

Thanks for the clarification. I don’t know why I thought you meant just the login process. If you’re creating this registration as a part of Keycloak (an SPI), I’m afraid I can’t help you. I don’t really know if that can be done like that.

On the other hand, if you want to implement a registration form as a part of your application, I’d simply send a registration request to your backend, where you would use an admin offline token or login and password to get the admin’s token, and then create a user using this API: http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_create_a_new_user. Why wouldn’t I do it from the front end using AJAX? For starters, you would need to store the admin user’s offline token or credentials in a way accessible to all visitors of your registration page. Doing that in your backend application, you can conceal this information and make it safe, validate the data etc.

Cheers,
Bartek
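
The backend registration flow described above, as an added example that is not from the thread's participants or the Keycloak project. The base URL, realm names, the `admin-cli` password grant against the `master` realm, the validation rules and all function names are assumptions; the HTTP transport is injectable so the handler can be exercised offline.

```python
import json, re, urllib.error, urllib.parse, urllib.request

# Assumed deployment values (placeholders, not from the thread).
BASE, REALM, ADMIN_REALM = "https://keycloak.example.test/auth", "demo", "master"

def http_post(url, body, headers):
    """Default transport; returns (status, text). Tests inject a fake."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def validate(form):
    """Server-side checks; returns {field: message} for the SPA to render."""
    form = {k: v for k, v in form.items() if isinstance(v, str)}  # drop non-strings
    errors = {}
    if not re.fullmatch(r"[a-z0-9._-]{3,32}", form.get("username", "")):
        errors["username"] = "3-32 characters: a-z, 0-9, dot, dash, underscore"
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", form.get("email", "")):
        errors["email"] = "invalid e-mail address"
    if len(form.get("password", "")) < 12:
        errors["password"] = "at least 12 characters"
    return errors

def register(form, admin_user, admin_password, post=http_post):
    """Handle one registration request; returns (http_status, json_body)."""
    errors = validate(form)
    if errors:
        return 400, {"errors": errors}
    # The admin token is obtained here, so credentials never reach the browser.
    grant = {"grant_type": "password", "client_id": "admin-cli",
             "username": admin_user, "password": admin_password}
    status, text = post(f"{BASE}/realms/{ADMIN_REALM}/protocol/openid-connect/token",
                        urllib.parse.urlencode(grant).encode(),
                        {"Content-Type": "application/x-www-form-urlencoded"})
    if status != 200:
        return 502, {"errors": {"form": "registration unavailable"}}
    user = {"username": form["username"], "email": form["email"], "enabled": True,
            "credentials": [{"type": "password", "value": form["password"],
                             "temporary": False}]}
    headers = {"Authorization": "Bearer " + json.loads(text)["access_token"],
               "Content-Type": "application/json"}
    status, _ = post(f"{BASE}/admin/realms/{REALM}/users", json.dumps(user).encode(), headers)
    if status == 201:
        return 201, {}
    if status == 409:  # Keycloak reports an existing username or e-mail
        return 409, {"errors": {"form": "username or e-mail already in use"}}
    return 502, {"errors": {"form": "registration unavailable"}}
```

The SPA posts the form as JSON to this handler and renders the returned `errors` object in place, so a failed validation never triggers a page reload.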

> On 21 Feb 2018, at 8:53 AM, moritz.becker at gmx.at wrote:
> 
> Hi Bartek,
>  
> thank you for your answer.
>  
> The login using the Keycloak redirect you described is not the problem – this actually works fine already.
>  
> I am talking about the user registration form that uses a custom Keycloak theme. I need some more advanced UI elements in the registration theme and thus I am trying to use Aurelia in the theme. However, when the user clicks the ‘Register’ button and the registration form contains validation errors, Keycloak responds with reloading the whole page (which now has the validation error messages baked in). In my case, this causes an unwanted reload of the SPA that takes too long. So what I want to do is to submit the registration form via AJAX and just receive a JSON response containing the validation errors which I can then render on the client without reloading the whole app.
>  
> From: Bartosz Andrzejczak [mailto:ba.andrzejczak at gmail.com]
> Sent: Tuesday, 20 February 2018 21:43
> To: moritz.becker at gmx.at
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Keycloak AJAX authentication flow
>  
> Hi Moritz,
>  
> The usual path with an SPA would be to just redirect the user to the Keycloak authentication page, that if the user’s logged in would just redirect them back with an authentication code in the query parameter, and if not - would require the user to log in. I’ve described that for Angular here: https://medium.com/andrzejczak/sso-for-your-single-page-application-part-1-2-angularjs-1d79edb7d9c8
>  
> But if your app load time is quite long there might be something else you can do. There’s a token endpoint that would return you a JSON containing an authentication token and a refresh token, both with expiration times. All you need to provide is login and password (and additionally grant_type (`password`) and your client_id). So if you decide to implement an authentication form on your side you could just use that to get a token for a user and treat this user as logged into the application. You’re losing the SSO capabilities of Keycloak, but it might still be enough for you. You can see an example of this token request in step 1 of this blog post: https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a. Be sure to enable Direct Flow in the Keycloak Client, though.
>  
> Cheers,
> Bartek
> 
> 
>> On 20 Feb 2018, at 3:38 PM, moritz.becker at gmx.at wrote:
>>  
>> Hi,
>> 
>> 
>> 
>> I am trying to implement a Keycloak registration theme using the Aurelia JS
>> Framework.
>> 
>> 
>> 
>> The problem is that there is currently no possibility to submit the
>> registration form via AJAX and get back a reduced response that just
>> contains validation errors etc. instead of reloading the whole page. Page
>> reload is problematic in this scenario since it causes a reload of the
>> Aurelia-App which takes too long.
>> 
>> 
>> 
>> As far as I can see, I would need to customize the
>> org.keycloak.authentication.FormAuthenticationFlow but there is no SPI to
>> do so at the moment.
>> 
>> 
>> 
>> Do you have any recommendations for me?
>> 
>> 
>> 
>> Thanks, 
>> 
>> Moritz
>> 
>> 
>> 

