How to call keycloak protected rest api from front end

Hi everyone,

I have a backend application in Java using JAXRS Rest APIs. I have used keycloak to secure the REST endpoints. In case if I need to access endpoint, keycloak access key is required to be sent.

Example:
localhost:8080/myapp/rest/test
returns unauthorized, unless sent with Bearer token which is received using:
localhost:8180/auth/realms/master/protocol/openid-connect/token
with body containing arguments (realm/ client/ etc)

Now I need to create front end application in Vue.js and call these endpoints. How can I manage to do that having two different URLs ( keycloak and backend)

Is there a way where I can connect to keycloak using my backend and call backend from my frontend only.

In case if there is any reference, it will be really helpful.

I found the following link but it uses vert.x which support authenticating to keycloak, I cannot find anything similar in Java. I am new to both keycloak and vue.js therefore any guideline/ help will be highly appreciated.

Thank you

Keycloak supports both OpenID Connect (an extension to OAuth 2.0) and SAML 2.0. When securing clients and services the first thing you need to decide is which of the two you are going to use. If you want you can also choose to secure some with OpenID Connect and others with SAML.

To secure clients and services you are also going to need an adapter or library for the protocol you’ve selected. Keycloak comes with its own adapters for selected platforms, but it is also possible to use generic OpenID Connect Relying Party and SAML Service Provider libraries.

For example:

• Getting started with Keycloak
• Angular, OpenID Connect and Keycloak
• Angular, OAuth 2.0 and Keycloak
• Keycloak, Flowable and OpenLDAP
• Flowable OAuth2 Resource Server

Hi Robinyo Thanks for the reply.

I have used open id connect and also used adapter on my backend application to connect to keycloak server. This has been successfully setup and my rest services are secured (Java used).

How can I access these keycloak protected services from my front end application (Vue.js in my case).

Should my frontend call auth/realms/master/protocol/openid-connect/token to get access token from keycloak server then in turn send call to my backend api with the generated token ? Or there is a way to get token from keycloak server within backend. This way front end will only communicate with backend and not directly with keycloak server.

I hope my question is clarified. Still if required please do not hesitate to ask.

Try clicking on the links (and reading the associated posts) included in my response to your original question …

Have you figured out the answer? It seems there is no way to make backend other than frontend talk to keycloak server.