Hi, I’m quite new to Keycloak, so please excuse my probably stupid question. Unfortunately I cannot figure out how to properly configure Keycloak to match the requirements.
I have an Angular application that consists of multiple layers, for “public”, “authenticated” and “trusted” users. “Public” is accessible for everyone and does not need any authentication - this works since I just don’t request Keycloak.
“Authenticated” should only require the user to sign up and have a password.
“Trusted” users must have a password and a verified phone number.
Now my problem:
I can only configure one flow, independently of where I am in my application. Can I somehow specify a specific flow for each authentication request, or how do I configure this properly?
I have an Angular application - yes, so I have multiple routes, yes - let’s say the following:
/home (for public)
/account (for authenticated)
/buy (for trusted)
Right now I’m basically checking if a user is authenticated and, if he’s not, I redirect him to Keycloak where he authenticates - so far so good.
My problem is that this redirect to Keycloak has no context or similar. I only have one flow for Keycloak, but I need one for just password authentication and one for password auth plus SMS auth.
I do not know how to configure Keycloak to have multiple flows that can be used by redirection, controlled from the outside.
Maybe two different clients would be better than two different realms; there is an option in Keycloak to set a specific flow per client (overriding the default one).
Didn’t quite understand you, what do you mean by profile?
By the way, take a look at this code:
A really simple one: what I have done there is use the authorization code flow, but you could use something else.
But the main thing there that you should maybe check out is in the backend:
There is a public API endpoint that everyone can access, and there is a protected one.
For the protected one, I made an option for authentication only, or for authorization by any claim.
So if we apply it to your situation,
you could try to make:
a public route for everyone,
a protected route for authenticated users,
a protected route for authorized users (when you get their token, check for example if they have the claim ‘trusted’ with the value ‘true’).
Hope you got it.
And there is no need for different flows for this implementation.
By the way, maybe this is what you are looking for: