I am working on an Angular app which authenticates its users from a Keycloak server. I am using the initialization function below from the Keycloak service (‘keycloak-angular 8.2.0’).

    import { KeycloakService } from 'keycloak-angular';

    export function initializeKeycloak(keycloak: KeycloakService): () => Promise<boolean> {
      console.log('keycloak profile will be loading...');
      return () =>
        keycloak.init({
          config: {
            url: 'http://localhost:8080/auth',
            realm: 'MyRealm',
            clientId: 'uiclient',
          },
          initOptions: {
            onLoad: 'login-required',
            checkLoginIframe: true,
            checkLoginIframeInterval: 25
          },
          enableBearerInterceptor: false,
          loadUserProfileAtStartUp: true
        });
    }

I declared the same as an APP initializer in ‘app.modules.ts’:

    {
      provide: APP_INITIALIZER,
      useFactory: initializeKeycloak,
      multi: true,
      deps: [KeycloakService],
    }

I got a requirement to restrict users based on the current sessions, e.g. if the current session count for a client (here, users with client id ‘uiclient’) is 100, restrict all further users from accessing the app (login can succeed, but with no access to any features of my app).
Initially, I planned to achieve this in my business logic, i.e., when this Angular app is initializing, I made an API call to the Keycloak API below, which responds with the current session count.
http://localhost:8080/auth/admin/realms/FUMS/clients//session-count
Based on the count, I either allow or deny the user access to the further features of my app. But whenever the app gets refreshed, the logic I followed restricts the users who had already logged in. Instead of writing this logic in the APP initializer, I am planning to implement it once the user login is successful, so that after every user login I will verify the session count and disable the further features if session count > restricted count.
Since authentication is handed over to the keycloak-angular service, I am not sure how to achieve this. Is there any keycloak-angular function that can be used as a callback function to implement my business logic after the successful user login? Or is there any other way to restrict the users of a client from Keycloak?
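
The refresh problem described in the question, handled by a backend-side admission gate keyed by the Keycloak session id; this is an added example, not part of the original post. `SessionGate`, `VerifiedClaims` and the limit are hypothetical names and values. It assumes the backend has already verified the token signature, that the token carries `sid`, `azp` and `exp` claims, and that `count` was read from the session-count endpoint quoted above.

```typescript
// Added example. Assumption: claims come from a token the backend already verified.
interface VerifiedClaims {
  sid: string; // Keycloak session id (assumed present in the token)
  azp: string; // client the token was issued to
  exp: number; // token expiry, seconds since epoch
}

type Decision = 'allow' | 'deny-limit' | 'deny-client';

class SessionGate {
  private clientId: string;
  private limit: number;
  // sid -> expiry for sessions that already passed the check.
  // Null prototype so a hostile sid such as "__proto__" is just a key.
  private admitted: { [sid: string]: number } = Object.create(null);

  constructor(clientId: string, limit: number) {
    this.clientId = clientId;
    this.limit = limit;
  }

  check(claims: VerifiedClaims, count: number, nowSec: number): Decision {
    if (claims.azp !== this.clientId) return 'deny-client';
    this.prune(nowSec);
    // A page refresh re-runs the check with the same sid: keep it admitted.
    // This is the case the check in the app initializer got wrong.
    if (claims.sid in this.admitted) {
      this.admitted[claims.sid] = claims.exp;
      return 'allow';
    }
    // count already includes this new session, so deny only above the limit.
    if (count > this.limit) return 'deny-limit';
    this.admitted[claims.sid] = claims.exp;
    return 'allow';
  }

  // Call on logout so the slot is not held until the token expires.
  release(sid: string): void {
    delete this.admitted[sid];
  }

  private prune(nowSec: number): void {
    Object.keys(this.admitted).forEach((sid) => {
      if (this.admitted[sid] <= nowSec) delete this.admitted[sid];
    });
  }
}
```

Because the decision is made on the server, the browser never needs an admin-privileged token to call the session-count endpoint itself.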