Issue
I have an Angular webapp that currently asks users to authenticate interactively. Here is my code:
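    import { APP_INITIALIZER, NgModule } from '@angular/core';
    import { KeycloakService } from 'keycloak-angular';

    // Factory run by APP_INITIALIZER: starts the interactive Keycloak login before the app boots.
    const initializeKeycloak = (keycloak: KeycloakService) => async () =>
      keycloak.init({
        config: {
          url: kcUrl,
          realm: kcRealm,
          clientId: kcClient,
        },
        initOptions: {
          flow: 'hybrid',
        },
        // Attach the bearer token to every outgoing HTTP request.
        shouldAddToken: (_request) => true
      }).then(async (authenticated) => {
        if (authenticated) {
          // Publish the user's access token to the rest of the app.
          bearerToken.next(await keycloak.getToken());
        }
      });

    @NgModule({
      declarations: [AppComponent],
      imports: [/* some imports ... */],
      providers: [
        KeycloakService,
        {
          provide: APP_INITIALIZER,
          useFactory: initializeKeycloak,
          multi: true,
          deps: [KeycloakService],
        },
      ],
    })
    export class AppModule {} // class name not shown in the original post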
Now I need the same webapp, when opened by means of the /kiosk URL, to authenticate using the client_credentials grant type (no user interaction).
I looked at both the keycloak-angular and keycloak-js docs, but I couldn't find anything about how to implement the client credentials grant.
Do the keycloak-angular and keycloak-js modules support such a configuration? If yes, how do I enable it for the /kiosk URL only?
Solution
I ended up coding the thing myself. I still do not know whether keycloak-angular and keycloak-js support the client_credentials grant, but the required code is short and simple enough to avoid caring for external libraries: I added a custom guard for the /kiosk URL, which obtains the token from Keycloak.
Here is the relevant snippet of code for others, just in case:
    // Method of the custom /kiosk guard: POSTs the client credentials to the realm's token endpoint.
    async getClientCredentialsGrantToken(kcClientId: string, kcClientSecret: string): Promise<Response> {
      // Form-encoded body of an OAuth 2.0 client_credentials token request.
      const data = new URLSearchParams();
      data.append('client_id', kcClientId);
      data.append('client_secret', kcClientSecret);
      data.append('grant_type', 'client_credentials');
      return fetch('https://keycloak.example.com/realms/myrealm/protocol/openid-connect/token', {
        method: 'POST',
        cache: 'no-cache',
        credentials: 'omit', // do not send cookies along with the request
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
        redirect: 'follow',
        body: data,
      });
    }
Answered By - Lucio Crusca
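
An added example, not part of the answer above: the answer's method returns the raw Response, so the guard still has to reject error responses, check the token fields and decide when the token must be requested again. All function and type names below are hypothetical, and fetchImpl stands for the browser's fetch.

```typescript
// Added example, not the answer's code. FetchLike, KioskToken and the function names are hypothetical.
// Minimal shape of the fetch() pieces used, so the block type-checks without DOM typings.
type FetchLike = (url: string, init: { method: string; headers: Record<string, string>; body: string }) =>
  Promise<{ ok: boolean; status: number; json(): Promise<unknown> }>;

interface KioskToken { accessToken: string; expiresAt: number } // expiresAt: epoch milliseconds

// Form-encode the three parameters the answer sends to the token endpoint.
function buildTokenRequestBody(clientId: string, clientSecret: string): string {
  const fields: [string, string][] = [
    ['grant_type', 'client_credentials'],
    ['client_id', clientId],
    ['client_secret', clientSecret],
  ];
  return fields.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join('&');
}

// Validate the JSON body of a successful token response and compute an absolute expiry.
function parseTokenResponse(body: unknown, nowMs: number, skewSeconds = 30): KioskToken {
  const b = body as { access_token?: unknown; token_type?: unknown; expires_in?: unknown };
  if (typeof b?.access_token !== 'string' || b.access_token.length === 0) {
    throw new Error('token response has no access_token');
  }
  if (typeof b.token_type !== 'string' || b.token_type.toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  if (typeof b.expires_in !== 'number' || !(b.expires_in > skewSeconds)) {
    throw new Error('missing or too short expires_in');
  }
  return { accessToken: b.access_token, expiresAt: nowMs + (b.expires_in - skewSeconds) * 1000 };
}

// Send the token request and return a validated token; fetchImpl is injected so this runs offline in tests.
async function requestKioskToken(fetchImpl: FetchLike, tokenUrl: string,
                                 clientId: string, clientSecret: string): Promise<KioskToken> {
  const res = await fetchImpl(tokenUrl, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildTokenRequestBody(clientId, clientSecret),
  });
  if (!res.ok) {
    // Error responses (for example rejected client credentials) carry an error body, not a token.
    throw new Error(`token endpoint returned HTTP ${res.status}`);
  }
  return parseTokenResponse(await res.json(), Date.now());
}

// A cached token is reused until its skew-adjusted expiry; after that, request a new one.
const needsRenewal = (t: KioskToken | null, nowMs: number): boolean => t === null || nowMs >= t.expiresAt;
```

Because the client secret is shipped to the browser, anyone who can load the kiosk bundle can read it, so the kiosk client should be a dedicated one that holds only the roles the kiosk needs.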