Keycloak external login page for external IDP
In our Spring Boot app, we are using Keycloak and we configured multiple external IDPs. Everything is working successfully on browser based. The login page that is provided by Keycloak shows a direct grant option in addition to login with IDPs; then, if the user clicks to log in using an IDP, he is redirected to the IDP's login page, and then our Keycloak receives the token.

What I want to change in that flow is that, instead of showing the user the login page of Keycloak, I want to show him a login page from my app (my FE), which is dealing with my BE API. My BE would be dealing with KC. Then, if the user selects to log in with an IDP, I want to get the redirect URL from KC to pass it to my FE. Then, after getting the token, I want to redirect the user to my FE immediately.

In other words, I don't want users to access KC directly; this should be through my BE.

Your client applications should never have access to users' credentials.
I'd consider things the other way around (I make assumptions on your setup because you didn't give many details about it):
client to resource-server. In OAuth2 wording, REST APIs are resource-server, not clients.
oauth2Login) for unauthorized request to 401 (which is the standard HTTP status for unauthorized request)

If I'm right about your REST API being configured with spring-boot-starter-oauth2-client and if you don't know yet how to configure it with spring-boot-starter-oauth2-resource-server, you can refer to the Spring official doc or to these tutorials I wrote.
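A sketch of the resource-server setup the answer above points to, as an added example that is not part of the original answer or of any project's code. It assumes Spring Boot 3 / Spring Security 6 with spring-boot-starter-oauth2-resource-server on the classpath; the class name, the /public/** path and the issuer placeholder are hypothetical.

```java
// Assumed application.properties entry (placeholder values, not from the page):
//   spring.security.oauth2.resourceserver.jwt.issuer-uri=https://<keycloak-host>/realms/<realm>
// The API uses it to fetch Keycloak's signing keys and to check each token's issuer.

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            // No oauth2Login() here: the API never starts a login, so an
            // unauthenticated call is not answered with a 302 to a login page.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll() // hypothetical open path
                .anyRequest().authenticated())
            // Validate the JWT bearer token on every request. A missing or invalid
            // token is rejected with 401 and a WWW-Authenticate: Bearer header.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
            // The token is the only credential: keep no server-side session.
            .sessionManagement(sm -> sm
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // With no session cookie, browsers attach nothing to requests
            // automatically, so CSRF protection is switched off for this API.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }
}
```

With this configuration the REST API only checks tokens; the user's credentials are entered on the authorization server's or IDP's page and never pass through the API.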