In our Spring Boot app, we are using Keycloak and we configured multiple external IDPs. Everything is working successfully in the browser-based flow. The login page provided by Keycloak shows the direct grant option in addition to login with IDPs; then, if the user clicks to log in using an IDP, he is redirected to the IDP's login page, and then our Keycloak receives the token.
What I want to change in that flow is that, instead of showing the user the login page of Keycloak, I want to show him a login page from my app (my FE), which is dealing with my BE API. My BE would be dealing with KC. Then, if the user selects to log in with an IDP, I want to get the redirect URL from KC to pass it to my FE. Then, after getting the token, I want to redirect the user to my FE immediately.
In other words, I don't want users to access KC directly; this should go through my BE.
Your client applications should never have access to users' credentials.
I'd consider things the other way around (I am making assumptions about your setup because you didn't give many details about it):
client to resource-server. In OAuth2 wording, REST APIs are resource-server, not clients.
oauth2Login) for unauthorized request to 401 (which is the standard HTTP status for unauthorized request)
If I'm right about your REST API being configured with spring-boot-starter-oauth2-client and if you don't know yet how to configure it with spring-boot-starter-oauth2-resource-server, you can refer to the Spring official doc or to these tutorials I wrote.
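The resource-server setup this answer describes, as an added example that is not part of the original answer or of the tutorials it mentions. It assumes Spring Boot 3 (Spring Security 6.1+), a placeholder issuer URI, and Keycloak's realm_access.roles claim for role mapping; the class and method names are hypothetical.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

// Assumed property (placeholder host and realm, not from the original post):
// spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.example.com/realms/<realm>
@Configuration
public class ResourceServerConfig {
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http
            // Validate Bearer JWTs issued by Keycloak; there is no oauth2Login() on the API.
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(keycloakRoles())))
            // No server-side session: every request must carry its own access token.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Authentication is not cookie-based here, so CSRF protection is switched off.
            .csrf(csrf -> csrf.disable())
            // Unauthenticated requests get 401 rather than a 302 redirect to a login page.
            .exceptionHandling(eh -> eh.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated());
        return http.build();
    }

    // Maps Keycloak's realm_access.roles claim to ROLE_* authorities; a missing claim yields none.
    private JwtAuthenticationConverter keycloakRoles() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
            Object roles = realmAccess == null ? null : realmAccess.get("roles");
            if (!(roles instanceof Collection<?> names)) return List.<GrantedAuthority>of();
            return names.stream()
                .map(r -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + r))
                .toList();
        });
        return converter;
    }
}
```

With this configuration the API never sees user credentials: it only validates the signature, issuer and expiry of tokens that the frontend obtained from Keycloak.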