[keycloak-user] Authorization with javascript adapter

Alex Chatziparaskewas alex.chatziparaskewas at trapezegroup.com
Fri Jan 4 04:23:37 EST 2019


Hi Hari,

So, have a look into the ‘tokenParsed’ attribute and let me know if it helped you (we might need the same at some point in time).

Thanks & Regards,
Alex



No, it is not related to  remember me.
When i saw you question I thought you already working on javascript adapter and can help me.

On Fri, Jan 4, 2019 at 2:35 PM Alex Chatziparaskewas <alex.chatziparaskewas at trapezegroup.com<mailto:alex.chatziparaskewas at trapezegroup.com>> wrote:
Hi Hari,

Nope, we are not using roles. Once a user is authenticated he is as well fully authorised. Anyhow, although we have not gone down that path yet, check the ‘tokenParsed’ attribute of the keycloak instance object (just log them for starters). It shows some information about access/resource roles associated with the current user.

Question from my side: has this anything to do with my original question about updating the ‘remember me’ session?

Thanks & Regards,
Alex



Hi Alex Chatziparaskewas,

Thanks for your reply.
I am not asking about authentication part, in am asking about authorization part.
For example i want to enable access for a URI(mypoject/test-resource) to users who have ROLE 'TEST' ,in the keycloak i can do that in Authorization tab
of a myclient.

That means when a user is logged in he can access URI 'mypoject/test-resource' only if he has ROLE 'TEST' other wise will be given error saying access denied.

This settings working fine with backend applications like java webapps/springboot apps, but not working with javascript/Angular apps. If you know how to make it work or have sample project let me know.


On Fri, Jan 4, 2019 at 12:18 PM Alex Chatziparaskewas <alex.chatziparaskewas at trapezegroup.com<mailto:alex.chatziparaskewas at trapezegroup.com>> wrote:
Hi Hari,

On the server side the resources are protected by a keycloak gatekeeper proxy instance, e.g. our server (at this time) is unaware of security aspects. On the client side the login process goes past keycloak’s login and registration pages, i.e. the javascript adapter initialises, attempts authentication (redirects to login page if unsuccessful) and then does a periodic updateToken.

Thanks & Regards,
Alex



Hi Alex Chatziparaskewas,

i know you are using javascript adapter for authentication(for login), can we use javascript adapter for authorization also like resource protection.


--
Thanks & Regards,

Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.

Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: hariprasad.n at ramyamlab.co<http://ramyamlab.co>m
www.ramyamlab.com<http://www.ramyamlab.com/>


--
Thanks & Regards,

Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.

Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: hariprasad.n at ramyamlab.co<http://ramyamlab.co>m
www.ramyamlab.com<http://www.ramyamlab.com/>


--
Thanks & Regards,

Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.

Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: hariprasad.n at ramyamlab.co<http://ramyamlab.co>m
www.ramyamlab.com<http://www.ramyamlab.com/>


More information about the keycloak-user mailing list