[keycloak-user] Using Keycloak Gatekeeper for Auth-Code-Flow over multiple microservices

Seán Kelleher sean at trustap.com
Fri Aug 30 07:12:00 EDT 2019


Hi Stian,

> The alternative is to have a backend for your front-end that deals with
> obtaining tokens. The front-end uses a httponly cookie to be authenticated
> against the backend, but never has access to the token directly. This has
> the limitation that front-end and backend have to be hosted on same domain
> and if you need to call external services it needs to be proxied through
> the backend. It is harder to do though.

Would it make sense to use Gatekeeper for this? The backend could require
bearer tokens as usual but Gatekeeper could be in charge of using the
authorisation code flow to log the user in and proxying the frontend's
requests to the backend, mapping the cookies to the corresponding bearer
tokens. It's probably more limiting than your solution for handling external
services, but it could be a quick way of setting up this type of token
handling?

Kind regards,

Seán.
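
The cookie-to-bearer mapping discussed in this message, as an added sketch that is not part of the original e-mail and is not Gatekeeper's code. The cookie name, the in-memory session store and the function names are all hypothetical; it assumes the authorization code flow has already produced an access token.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "bff_session"   # hypothetical cookie name
_sessions = {}                   # session id -> (access token, expiry); server side only

def start_session(access_token, expires_in, now=None):
    """Store the token server side and return the Set-Cookie value for the browser."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # unguessable, carries no token data
    _sessions[sid] = (access_token, now + expires_in)
    # HttpOnly keeps the cookie away from front-end script; the token never leaves the proxy.
    return f"{SESSION_COOKIE}={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def upstream_headers(request_headers, now=None):
    """Build headers for the backend call, or return None if the caller must log in again."""
    now = time.time() if now is None else now
    morsel = SimpleCookie(request_headers.get("Cookie", "")).get(SESSION_COOKIE)
    if morsel is None:
        return None
    entry = _sessions.get(morsel.value)
    if entry is None:
        return None
    token, expires_at = entry
    if now >= expires_at:
        _sessions.pop(morsel.value, None)    # expired: drop it and force a new login
        return None
    # Never forward the session cookie, and never trust an Authorization
    # header supplied by the browser: the proxy is the only source of the token.
    out = {k: v for k, v in request_headers.items()
           if k.lower() not in ("cookie", "authorization")}
    out["Authorization"] = f"Bearer {token}"
    return out
```

The backend behind the proxy keeps validating bearer tokens as usual and has to be reachable only through the proxy, since the header rewrite is the only thing tying a browser session to a token.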

