Thank you for watching! I will keep doing more video. Don't forget to share to channel to your network 😅

Thank you so much Camilo!

I first need to investigate a little bit more about it

Thumbs up for this :) I'm currently struggling regard this approach

Thank you! I try my best

Oh, didn't see that. I will update it in the repository.

Yes, in this scenario the backend is acting as a BFF, you're right. The security is split between the frontend (as the client server) and the private backend (as the resources server). The API gateway is only there to redirect the requests

Using the authentication with Keycloak is very useful if you have many different applications (clients) which need this same authentication. If you only have one application (client), maybe putting all the authentication logic inside may reduce the complexity. But, using Keycloak is using a string authentication system, OAuth2. Which was tested for many years. Using you own authentication system means that you must take care of the security breaches. What I recommend? It depends on you (and your team): * if you need the same authentication system for many application -> use Keycloak * if you don't know much about security breaches or authentication systems -> use Keycloak * otherwise -> use a simple authentication system inside you already existing application Hope this will help you

@@TheDevWorldbySergioLema what the client scope is for? Is it mandatory?

It's not mandatory. You can let the value to profile, name, email or openid. It says what kind of information you want to fetch from the User's profile.

To allow the POST requests, make sure to allow the CORS in the application.yml of the Gateway. About the CSRF, I din't anything particular, it was disable by defautl.

Yes, you can configure a custom login page in Keycloak

@@TheDevWorldbySergioLema Ok. How do I go about it?

I didn't try it, but this seems to be what you're looking for: www.baeldung.com/keycloak-custom-login-page

Do you use the Spring Cloud Api Gateway? Or directly Spring Security? If you use Spring Security, check this other video where I configure the CORS: kzbin.info/www/bejne/ppnWamOVqJWAoM0

Hi Rekishi, thanks for your interest. I didn't try to the logout, but it's a good question. Did you check the settings of the frontend oidc-client library post_logout_redirect_uri (github.com/IdentityModel/oidc-client-js/wiki)? Maybe just adding this configuration when creating the frontend client is enough. If that's the case, let me know your feedbacks.

@@TheDevWorldbySergioLema Thanks for the quick reply. I managed to solve it for now by adding the "post_logout_redirect_uri:" field to settings when creating the UserManager, then setting the same url in Keycloak and copying your signin-callback.html page and remaking it for using "signoutRedirectCallback()"

Glad it worked so easily!

Glad it helped you!

Yes, all the resources servers you have need the configuration to be able to talk with Keycloak.

@@TheDevWorldbySergioLema ok but what if there is for example 50 resources that have to be secured? Copy paste code in each? 😅

Yes 😅. But you can also add a Config Server, kzbin.info/www/bejne/pmeYpmeqZ5t1eMU

@@TheDevWorldbySergioLema I see but it wouldnt be better to configure api gateway as resource server and there provides configuration to secure some of services? It seems to be best solution if Spring Cloud Api Gateway is an entry point

You're right, i will try to implement this solution

This should change. You need to add the SSL certificate to Keycloak and the Gateway

Thanks! Yes you can create your own React login page. Then, in Keycloak, you can select the login page where the user will be redirected.

Thank you Rajeev. I've been looking around and found this information (github.com/IdentityModel/oidc-client-js/issues/1044). It seems to be the cookies.

Thank you!

Thank you!

Do you mean having a login form integrated inside the frontend without the redirection to the login page of Keycloak?

@@TheDevWorldbySergioLema just like you said

I don't if configuring a custom login page in Keycloak is enough. I never did it, so I can't tell you if it works.

@@TheDevWorldbySergioLema thank you i have last question You have installed keycloak legacy version . Would it be a problem if we use the release version?

I don't thing there is much difference

Yes, I will try to implement this way. I've already done something similar, with a single JWT, but not with OAuth2 and Keycloak.

Hy! Any update on this? Sorry for bothering you.

It's planned, but i didn't started yet

😂 Yes, I saw that when writing the subtitles

Yes, someone already told me about this alternative. I will try to make another video with this solution. About the CORS problem, you must configure them in both the api gateway and keycloak. Try with different browsers (sometimes they act differently).

Hey , have you been able to mange that cors issue ?

Thank you!

Hope it helped you!

I didn't try the logout. Have you any message describing the error? Or nothing is shown?

@@TheDevWorldbySergioLema Like logout was working but it was not redirect back to app, I have to set post logout redirect url and it worked. Thanks for the video.

Thanks for your feedback!

I'm so glad you liked it!

It must be done directly in Keycloak.

You can see it in this video, kzbin.info/www/bejne/j3m6l31-gKyMfas

@@TheDevWorldbySergioLema thanks sergio, so every user that wants to use my application must first register on keycloak? let´s say an E-comerce

Yes, that's the goal of an SSO, you use keycloak just to sign, not to register. If you want to register the users in your application and manage their accounts, it's another authentication system you need

Oh no! Please, no, not rubyonrails

😅🙏

🤣 In fack, my channel is mainly about Java, and I've done a few videos with Keycloak. Which language are you looking for?

@@TheDevWorldbySergioLema I'm a Rails or Express guy so maybe JavaScript or Ruby.

@@TheDevWorldbySergioLema the keycloak documentation is terrible and I've wasted weeks trying to figure out how to integrate a rails api with a react frontend with keycloak. One of the worst documented projects I've ever seen.

It's not well documented. But once you've started and configured Keycloak, what you need to know is the OAuth2 protocol with whatever language.