I'm developing a Spring Shell app whose main job is to make requests to a Spring Boot REST API and display the results to the user. The problem is the users of the REST API are managed by Keycloak, meaning I have to authenticate the CLI user to send the token with each request. I didn't find a way to integrate OAuth2 since the CLI is not a web app. So I retrieve the token manually using OpenFeign and use an interceptor to set the header before each request, but I need to store the token securely and manage it by refreshing when expired ... What's the best way of storing the token securely, or something that makes managing the authentication easier?

someone

1 Answer

I would require the access token as an argument. Users can use an existing OAuth2 client with a UI like Postman to get such tokens (you could also write your own).

I wouldn't store the token elsewhere than in memory (in a support class or something).

If you maintain long sessions in your CLI (users using the CLI longer than the access token's lifespan), then give an option to provide a refresh token too and enhance the "support" class to silently renew access tokens before they expire (using WebClient or your favorite REST client for Spring).

ch4mp
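
A sketch of the in-memory "support" class the answer describes, added here as an example and not code from the answer's author. It assumes the access token is a JWT (Keycloak's default), a public client, and that Spring WebFlux's `WebClient` and Jackson are on the classpath; `TokenSupport`, `tokenUri` and `clientId` are hypothetical names.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import org.springframework.http.MediaType;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;

/** Hypothetical "support" class: tokens live in memory only, never on disk. */
public class TokenSupport {
    private static final long SKEW_SECONDS = 30; // renew this long before expiry
    private final WebClient http = WebClient.create();
    private final String tokenUri; // assumption: the realm's OpenID Connect token endpoint
    private final String clientId; // assumption: a public client (no client secret)
    private String accessToken;
    private String refreshToken;   // null when the user supplied only an access token
    private Instant expiresAt;
    public TokenSupport(String tokenUri, String clientId, String accessToken, String refreshToken) {
        this.tokenUri = tokenUri;
        this.clientId = clientId;
        this.refreshToken = refreshToken;
        store(accessToken);
    }

    /** Call from the request interceptor to build the Authorization header. */
    public synchronized String bearerToken() {
        if (Instant.now().plusSeconds(SKEW_SECONDS).isAfter(expiresAt)) {
            if (refreshToken == null) throw new IllegalStateException("access token expired, no refresh token");
            Map<?, ?> body = http.post().uri(tokenUri)
                    .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                    .body(BodyInserters.fromFormData("grant_type", "refresh_token")
                            .with("client_id", clientId).with("refresh_token", refreshToken))
                    .retrieve().bodyToMono(Map.class).block();
            if (body.get("refresh_token") != null) refreshToken = (String) body.get("refresh_token"); // rotation
            store((String) body.get("access_token"));
        }
        return accessToken;
    }

    // Reads "exp" from the JWT payload only to schedule renewal; the API still validates the token.
    private void store(String jwt) {
        try {
            byte[] payload = Base64.getUrlDecoder().decode(jwt.split("\\.")[1]);
            this.expiresAt = Instant.ofEpochSecond(new ObjectMapper().readTree(payload).path("exp").asLong());
            this.accessToken = jwt;
        } catch (IOException | RuntimeException e) {
            throw new IllegalArgumentException("access token is not a readable JWT", e);
        }
    }
}
```

The existing Feign interceptor would call `bearerToken()` for each request, so renewal happens inside the lock and the rotated refresh token replaces the old one in memory.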