How To Integrate Keycloak RBAC With Spring Gateway And Resource Server - Part 2

  • Published on 15 Sep 2024

Comments • 50

  • @nikhilpawar7876 2 years ago

    You saved my life with this tutorial 🙏🙏.. great work brother

  • @edwardm4348 2 years ago

    Very informative and precise. Thank you for taking your time.

  • @montuaneja3643 1 year ago

    Very much needed and helpful information, thanks a lot. I have a question: you have shown this example by taking one service and creating 2 classes, RealmRoleConverter and ResourcesServerConfig, as part of the resource configs. Suppose we have 5-10 services, so we need to create these two classes in all the microservices, right? Am I right, or is there any other way of doing this?

    • @RefactorFirst 1 year ago

      Yes.. if you want to protect them with OAuth2

  • @agrinbrg 3 years ago

    You are magician !

  • @Tecnitr0nic 2 years ago

    TokenRelay is not working.
    When I use Postman to test my endpoints, the gateway responds with code 200 but always shows (as HTML in Postman) the Keycloak login webpage; I can never get past it, even when submitting the token to the gateway. However, it works if I send the request to the microservice without using the gateway.
    Do you know what could be happening?

  • @ravindralonkar5102 1 year ago

    Hello sir, How we can call auth api from postman, can you please make one video

  • @sureshkumar-ib6wx 2 years ago

    Thanks for the wonderful video, it gave me a basic understanding of the OAuth2 flow. Can you please also make a video on creating a Keycloak user from the API gateway?

    • @RefactorFirst 2 years ago +1

      To allow user creation, you just need to select the option to include user registration in the login ui. This is available from keycloak directly. Nothing changes on the API gateway

  • @pradhyumnakandamuru 1 year ago

    Hi, when I do this activity in API gateway from a browser it is generating cookies, how can we tell reactive security flow to stay Stateless and pass tokens in the headers?

    • @RefactorFirst 1 year ago

      You will need to define this in the properties. What I remember last is that there is a property to forward the token in the header. You will have to check the documentation for the property.

  • @glnjalsa 2 years ago

    I have an on-prem LDAP server which has all the info about user permissions. I am planning to develop a REST API on top of the on-prem server which gives the response as read/write perm; all of the microservices are on cloud and user roles are tagged to the REST API. Can I use Keycloak to generate a token which contains user permissions as part of the claims and pass it to the backend server to validate it?

  • @sumithk1493 1 year ago

    How do i implement a POST API which passes through the Gateway?

  • @sharifyy 1 year ago

    Nice Video. How do you configure policy enforcer with spring cloud gateway for fine grained authorization?

  • @priyankagawada4158 3 years ago +1

    Thanks for such an end to end working example with spring cloud gateway and Keycloak.
    I have a query - How api gateway and keycloak can be used to authenticate user details received from a client application like Angular?
    POST ({email password})
    Flow : Angular -----------------------> API Gateway ------------> Keycloak

    • @RefactorFirst 3 years ago

      I think this would not be possible using oauth2 mechanism. Keycloak is the authorization server and it has the responsibility to check for authentication as it has the user details with itself.
      As a solution you can always customize the UI provided by keycloak for authentication.

  • @f.5528 2 years ago

    very good video. TY

  • @marypaul9627 1 year ago

    Thank you again. I now face this error: when I try to hit localhost:9090, instead of getting the login page like you, I get error 403 not authorized... I have cross-checked my code to look like yours, but in vain.

    • @RefactorFirst 1 year ago

      Try running my code from GitHub.. maybe you can figure out something more..

  • @jusamuel4246 3 years ago

    Great video! I have one question, how the frontend, for example react, integrate with keycloak for user registration etc? thank you

    • @RefactorFirst 3 years ago

      If you mean, having a separate frontend and using keycloak for authentication, then you cannot do this in oauth2. Since keycloak is the authorization server, it provides the UI for login. However, keycloak login screen can be customized. Details are in the documentation.

  • @sasasisi8854 2 years ago

    can you make more videos about keycloak configuration?

  • @buddy6670 2 years ago

    please make the theme light. it is less visible. hope u will do further on

    • @RefactorFirst 2 years ago

      Check out the latest videos.. it's with light theme..

  • @severorossini7938 2 years ago

    I can configure the client (for login) and the resource server in the same app or configuration??

    • @RefactorFirst 2 years ago

      Yes.. you can.. you don't need the additional resource server dependencies. Just the auth server with security is enough..

  • @marypaul9627 1 year ago

    Hi, thanks. A new subscriber here; I have been looking for such a tutorial for days. I have implemented it and it has worked. Just asking: I have a front end in React, which API do I hit to be directed to the login page that has auth?

    • @RefactorFirst 1 year ago

      You can hit the /login endpoint. I have made another video talking about solving login and logout issues with Keycloak. Maybe you can get some more info from there..

  • @agrinbrg 3 years ago

    Do you know how to configure Spring Boot gateway to log out from Keycloak? I am trying to use your application code and just having trouble. Any ideas would be very helpful!

    • @RefactorFirst 3 years ago

      In your keycloak realm settings, open the oidc endpoint url.. you will find all the urls there..including the logout url.. on calling the logout url.. you can logout..

    • @RefactorFirst 3 years ago

      I did some more research, so Spring Security handles logout using the /logout URL.. hitting that is enough to log out the user.. Spring Security will automatically take care of the rest.

  • @buddy6670 2 years ago

    how to use Backchannel Logout URL for logging out the user in api gateway application

    • @RefactorFirst 2 years ago

      Hitting /logout will help as far as i can remember.

    • @buddy6670 2 years ago

      @RefactorFirst Yeah, I did that. But there is no login page coming again from Keycloak. I am able to access the APIs again without login.

    • @RefactorFirst 2 years ago

      Try hitting this " auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout" on the auth server .. see if it logs out.. if it does.. then you need to check on the api gateway.. mostly "/logout" on the api gateway causes the logout to happen..

    • @buddy6670 2 years ago

      @RefactorFirst I will try it. Also got to know that my realm_roles was not coming, so I have to update in Client Scopes > roles > Mappers > realm roles > Add to userinfo = true

    • @RefactorFirst 2 years ago

      Nice.. hope your comment helps someone else also..

  • @Ajay-ds1lv 2 years ago

    Hi sir, I need help: when I am sending a request from React to the microservice through the gateway, I am getting a CORS origin error. I would be grateful if you could help.

    • @Ajay-ds1lv 2 years ago

      Can anyone help?

    • @RefactorFirst 2 years ago

      You will have to add allowed hosts to solve the CORS issue.
      If your host is localhost, add it to the allowed hosts.. that will solve the issue..

    • @Ajay-ds1lv 2 years ago

      It should be in the gateway, right? Or in the microservice?

    • @RefactorFirst 2 years ago

      It should be where the Spring Security is integrated..

    • @Ajay-ds1lv 2 years ago

      I have done the same as you have done in the Keycloak videos

  • @senoremc4628 1 year ago

    Hi, thank you very much for your videos. Do you know how I can access a resource from a frontend in Vue.js?
    For example, I want a list of products and I am trying to do it like this:
    export default class ProductService {
      url = "localhost:8181/api/product/"
      getAllProducts() {
        return axios.get(this.url, {
          headers: {
            'Origin': ' localhost:8082'
          }
        });
      }
    }
    The problem is that I have the following errors.
    1. Setting the insecure header 'Origin' has been rejected.
    2. Access to XMLHttpRequest at 'localhost:8181/api/product/' from origin 'localhost:8082' has been blocked by CORS policy: 'Access-Control-Allow-Origin' header is not present in the requested resource.
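
The two errors quoted in the last comment both come from browser CORS enforcement: the browser sets `Origin` itself and releases the response to the page only when the server answers with a matching `Access-Control-Allow-Origin`. The sketch below is an added example, not code from the video or its repository, of the allowlist decision made on the server side (gateway or service); the `http://` scheme, the allowlist contents and all function names are assumptions.

```javascript
// Added example (not from the video): server-side CORS allowlist decision.
// ALLOWED_* values and function names are hypothetical; http:// is assumed.
const ALLOWED_ORIGINS = new Set(["http://localhost:8082"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["authorization", "content-type"];

// Returns the CORS response headers for one request, or {} when the
// request must not be granted cross-origin access.
function corsHeaders(method, reqHeaders) {
  // Origin is written by the browser, never by page script (error 1 above).
  const origin = reqHeaders["origin"];
  // Exact match on scheme + host + port; no wildcard, no substring match.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  const wanted = reqHeaders["access-control-request-method"];
  if (method === "OPTIONS" && wanted) {
    // Preflight: sent before requests that carry e.g. an Authorization header.
    if (!ALLOWED_METHODS.includes(wanted)) return {};
    const asked = (reqHeaders["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!asked.every((h) => ALLOWED_HEADERS.includes(h))) return {};
    out["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    out["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }
  return out;
}

// Browser-side view: without a matching header the response is blocked
// (error 2 above), even though the server processed the request.
function browserAllows(pageOrigin, respHeaders) {
  const acao = respHeaders["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}

// Constructed sample requests.
const ok = corsHeaders("GET", { origin: "http://localhost:8082" });
const other = corsHeaders("GET", { origin: "http://localhost:3000" });
console.log(browserAllows("http://localhost:8082", ok));    // true
console.log(browserAllows("http://localhost:3000", other)); // false
```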