
Credits to Halil Bahar for his awesome quarkus-angular-keycloak lecture.

1. Concept

2. Create Quarkus Project

mkdir keycloak-demo
cd keycloak-demo
Create a simple Maven project: File → New → Project… → Maven

Create a new module: File → New → Module… → Quarkus

Make changes in the endpoint
@Path("/hello")
public class ExampleResource {

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public String hello() {
        return "Hello from Server";
    }
}
Start the Quarkus app - Open a terminal in IntelliJ
cd quarkus-backend
./mvnw clean compile quarkus:dev

3. Access to the Unprotected Endpoint

3.1. Create an HTTP client in IntelliJ

  • Right Click on project root quarkus-angular-keycloak-demo

  • New → HTTP Request

  • Name: http-request/request.http

  • Write the HTTP request

request.http
GET http://localhost:8080/hello

###

3.2. Disable openid connect (oidc)

src/main/resources/application.properties
# OIDC Configuration
quarkus.oidc.enabled=false

If OIDC is left enabled at this stage, the application fails with the following error:

io.quarkus.oidc.OIDCException: Tenant configuration has not been resolved

4. Use the http-client

5. Configure Keycloak

5.1. Run Keycloak-Docker-Container

docker run --rm -p 8180:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak:15.0.2

5.2. Access Administration Console

5.3. Add Realm

  • Add realm

    • Name: htl

    • Create

5.4. Add Client

  • Clients

    • Create

      • ClientID: demo

      • Client Protocol: openid-connect

      • Advanced Settings

        • Access Token Lifespan: ???

        • Client Session Idle: ???

      • Click Save

  • Users

    • Add user

      • Details

        • Username: admin

        • Email Verified: ON

        • Save

[Figure: Add user]

  • Credentials

    • Password: passme

    • Password Confirmation: passme

    • Temporary: OFF

    • Set Password

    • Are you sure you want to set a password for the user?: Set password

  • Clients → demo

    • Settings

      • Access Type: bearer-only

      • Service Accounts Enabled: ON

      • Authorization Enabled: OFF

      • Valid Redirect URIs: http://localhost:8080/

      • Save

    • Credentials

      • Copy Secret into clipboard

      • Paste the secret in application.properties in the line "quarkus.oidc.credentials.secret"

Bearer tokens allow requests to authenticate using an access key, such as a JSON Web Token (JWT). The token is a text string, included in the request header.

Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources.
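The checks a bearer-only service has to make on the Authorization header described above, as an added example that is not part of the original tutorial and not Quarkus or Keycloak code. It is written for Node.js; the issuer URL (realm htl on port 8180 under Keycloak 15's /auth path), the in-process key pair standing in for the realm key, and the helper names issueToken and checkBearer are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: issuer URL of realm "htl" on the Keycloak 15 container published on port 8180.
const ISSUER = 'http://localhost:8180/auth/realms/htl';
// Stand-in for the realm signing key; a real resource server only holds the public half.
const realmKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Builds a constructed token for this demo; in the tutorial's setup Keycloak issues it.
function issueToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const signed = `${b64url(header)}.${b64url(claims)}`;
  const sig = header.alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(signed), realmKeys.privateKey)
    : Buffer.alloc(0); // unsigned token, used to exercise the alg check
  return `${signed}.${sig.toString('base64url')}`;
}

// Checks a bearer-only resource server makes before the request reaches the endpoint.
function checkBearer(authorization, publicKey, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorization || '');
  if (!m) return { ok: false, reason: 'missing or malformed Authorization header' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(m[1], 'base64url').toString()) || {};
    claims = JSON.parse(Buffer.from(m[2], 'base64url').toString()) || {};
  } catch {
    return { ok: false, reason: 'token is not a JWT' };
  }
  // Pin the algorithm: the token must not choose how it is verified (e.g. "none").
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signatureOk = crypto.verify('sha256', Buffer.from(`${m[1]}.${m[2]}`),
    publicKey, Buffer.from(m[3], 'base64url'));
  if (!signatureOk) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== ISSUER) return { ok: false, reason: 'wrong issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, subject: claims.preferred_username };
}

// Constructed sample requests for the user "admin" created above.
const exp = Math.floor(Date.now() / 1000) + 300;
const sample = { iss: ISSUER, exp, preferred_username: 'admin' };
console.log(checkBearer(`Bearer ${issueToken(sample)}`, realmKeys.publicKey));
console.log(checkBearer(`Bearer ${issueToken(sample, { alg: 'none' })}`, realmKeys.publicKey));
console.log(checkBearer(`Bearer ${issueToken({ ...sample, exp: exp - 600 })}`, realmKeys.publicKey));
```

The signature is verified before any claim is trusted, so a token whose payload was edited after issuance is rejected as "bad signature" rather than evaluated.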

6. Create Angular App

7. Sources