You authenticate between your SPA and Keycloak and receive a token.
You call your API with that token from your SPA.
Your API validates the incoming token from your SPA with Keycloak.
Thanks. What Access Type would I use for the front end React single page app and the Spring Boot application server? Am I right to assume that the React client would use public and the Spring Boot application server would use Bearer-only?
I’m trying to accomplish the same thing: a Spring Boot REST API that needs to be secured and a ReactJS front end. I’m confused because I don’t know if I need only one client or a client for each app (backend and front end). If so, what is the access type for each client?
What is the configuration that you went with in your case?
Thank you so much
Hi @boukmi. Sorry I didn’t reply sooner. I have ended up with a frontend client with access type public and a backend client with access type confidential. I went with confidential because I wanted to enable a service account so that I can assign roles to the client to use with other microservice clients.
I hope it helps
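The two-client setup described in the reply above (public frontend, confidential backend with a service account), checked against a realm export; this is an added example, not code from the thread or from Keycloak. The flag names follow Keycloak's client representation; the client IDs, URLs and the specific checks are assumptions made for illustration.

```python
import json

# Constructed sample: two client representations shaped like a Keycloak realm
# export. Client IDs, URLs and values are made up for illustration.
SAMPLE_CLIENTS = json.loads("""
[
  {"clientId": "react-frontend", "publicClient": true, "bearerOnly": false,
   "standardFlowEnabled": true, "directAccessGrantsEnabled": false,
   "serviceAccountsEnabled": false,
   "redirectUris": ["https://app.example.test/*"]},
  {"clientId": "spring-backend", "publicClient": false, "bearerOnly": false,
   "standardFlowEnabled": false, "directAccessGrantsEnabled": false,
   "serviceAccountsEnabled": true, "redirectUris": []}
]
""")


def access_type(client):
    """Map the export's boolean flags to the console's Access Type label."""
    if client.get("bearerOnly"):
        return "bearer-only"
    return "public" if client.get("publicClient") else "confidential"


def audit(client):
    """Return findings for one client; an empty list means nothing flagged."""
    findings = []
    kind = access_type(client)
    if kind == "public":
        # A public client has no secret, so it cannot hold a service account.
        if client.get("serviceAccountsEnabled"):
            findings.append("service account enabled on a public client")
        # Password grant would have the SPA handle user passwords itself.
        if client.get("directAccessGrantsEnabled"):
            findings.append("direct access grants enabled on a public client")
        # Without a secret, the redirect URI list is what binds the client.
        if any(u.strip() in ("*", "/*") for u in client.get("redirectUris", [])):
            findings.append("wildcard-only redirect URI")
    elif kind == "bearer-only" and client.get("serviceAccountsEnabled"):
        # Bearer-only clients validate tokens and never request their own.
        findings.append("service account enabled on a bearer-only client")
    return findings


def audit_all(clients):
    """Return {clientId: (access type, findings)} for every client."""
    return {c["clientId"]: (access_type(c), audit(c)) for c in clients}


if __name__ == "__main__":
    for cid, (kind, findings) in audit_all(SAMPLE_CLIENTS).items():
        print(cid, kind, findings or "ok")
```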
Thank you @ivangfr. I will definitely take a look at this.