
I have created a microservice JHipster application with Keycloak for auth and separated the front end from the gateway. In dev mode it works fine. In prod mode I use nginx for the front end. The UI redirects to Keycloak for login, but at the end I was redirected to login?error.

This is the chain, and nginx / Keycloak / gateway do not have any log about it:

http:///oauth2/authorization/oidc -> this returns 302 to -> http://keycloak:9080/auth/realms/jhipster/protocol/openid-connect/auth?response_type=code&client_id=web_app&scope=openid%20address%20email%20jhipster%20microprofile-jwt%20offline_access%20phone%20profile%20roles%20web-origins&state=tJECXsyzwkgNbXwdcPV0EQW_Wk9oEv-FeEPwV00WB4Y%3D&redirect_uri=http:///login/oauth2/code/oidc&nonce=2OF1Ex7Sg9HYBGpH4L7Wy56LsimY4fENrfbfPsSR3Dw -> this redirects to -> http://sviluppo.panda.local/login?error

Ivan
  • If you're not packaging your frontend with your backend (e.g., they're running on different ports), you'll need to integrate some sort of OIDC library in your frontend to authenticate with Keycloak and then modify your services to pass an access token to the backend. The current implementation is all server-side and expects the frontend to be packaged with the backend. Why? Because it's the most secure authentication flow. – Matt Raible Feb 19 '20 at 16:05
  • Hi Matt! Thanks! Do you have a link about your solution? – Ivan Feb 20 '20 at 14:50
  • If you want to separate your apps, you could use JHipster for the backend and [Ionic for JHipster](https://github.com/oktadeveloper/generator-jhipster-ionic) to develop your frontend. Note that using this method means you're storing your access token on the client in local storage and it's not as secure as letting Spring Security store it on the server. – Matt Raible Feb 20 '20 at 16:46
