2 votes

I want to avoid the Keycloak login page. I referred to this "Avoid keycloak default login page and use project login page" link and was able to get the access token using a POST request to the "http://localhost:5555/auth/realms/master/protocol/openid-connect/token" link.

After getting access token in this step, it is mentioned to pass the below headers

headers: {
    Authorization: 'Bearer ' + access_token_you_got
}

But it is not clear where to pass the access token, what the response will be, and what type of request to use.

This question might look very basic. As I am new to this, it is taking a long time to understand. Any help is appreciated here.


2 Answers

2 votes

After getting the access token, you will have to pass the access token to access data from a Keycloak-protected resource.

headers: {
    Authorization: 'Bearer ' + access_token_you_got
}

I was also wondering the same thing, and what I did was: for each redirect in my application I have created a middleware which authenticates the token. If the token is not valid or the token doesn't exist, the user will be redirected to the login page to authenticate.

3 votes

A good start would be to understand the basics of the OAuth2 protocol, its main actors and authorization grant types.

Actors:
- Authorization server
- Resource server
- Client
- Resource owner

Grant types:
- Authorization code grant
- Implicit grant
- Client credentials grant
- Resource owner credentials grant

Once you understand which grant type is suitable for your case, it becomes clear which request and response headers you should send to and receive from the actors of the authorization flow.

There are a lot of articles on this topic and I find this one particularly useful:
https://alexbilbie.com/guide-to-oauth-2-grants/

Keycloak's login page is particularly helpful while implementing the Authorization code and Implicit grant types of the OAuth protocol.