Securing React app with Spring Boot backend

My company has a single-page web app using React with a backend application server on Spring Boot. I’m trying to transition from an in-house, purpose-built authentication system to Keycloak. I’m trying to figure out if I can simply secure the application with the Spring Boot Adapter or if I will also need the JavaScript adapter. I’m struggling to understand if I need to integrate Keycloak with the frontend React app or if it is sufficient to secure the Spring Boot backend APIs with the Spring Boot Adapter.

1. You authenticate between your SPA and Keycloak and receive a token.
2. You call your API with that token from your SPA.
3. Your API validates the incoming token from your SPA with Keycloak.
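
The validation in the last step of the reply above, as an added example that is not part of the original thread and is not Keycloak or adapter code. It shows the checks an API has to pass before trusting a bearer token; the realm URL, the client IDs `backend-api` and `react-spa`, and the locally generated key pair standing in for the realm key are all assumptions.

```javascript
const crypto = require("node:crypto");

// Assumed values (not from the thread): realm issuer URL and backend client ID.
const ISSUER = "https://keycloak.example.test/realms/demo";
const AUDIENCE = "backend-api";

const b64url = (v) => Buffer.from(v).toString("base64url");

// Helper for building constructed sample tokens; a real token comes from Keycloak.
function sign(claims, privateKey, header = { alg: "RS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = header.alg === "RS256"
    ? crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")
    : "";
  return `${input}.${sig}`;
}

// The checks the API performs on the bearer token sent by the SPA.
function validate(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url"));
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm; the token header must not be allowed to choose it.
  if (header.alg !== "RS256") return { ok: false, reason: "alg" };
  const good = crypto.verify("RSA-SHA256", Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], "base64url"));
  if (!good) return { ok: false, reason: "signature" };
  if (claims.iss !== ISSUER) return { ok: false, reason: "issuer" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  // aud may be a string or an array; the backend must be named in it.
  if (![].concat(claims.aud ?? []).includes(AUDIENCE)) return { ok: false, reason: "audience" };
  return { ok: true, claims };
}

// Constructed sample data: key pair, claims and clock value are made up for the demo.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const base = { iss: ISSUER, aud: [AUDIENCE], azp: "react-spa", sub: "user-1", exp: 2000000000 };
const NOW = 1900000000;
console.log(validate(sign(base, privateKey), publicKey, NOW).ok);
```

Keycloak only lists the backend client in `aud` when an audience mapper or client scope adds it, so the audience check fails on tokens issued to the public frontend client until that is configured.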

Thanks. What Access Type would I use for the front end React single page app and the Spring Boot application server? Am I right to assume that the React client would use public and the Spring Boot application server would use Bearer-only?

Hi apapia,
I’m trying to accomplish the same thing: a Spring Boot REST API that needs to be secured and a ReactJS front end. I’m confused because I don’t know if I need only one client or a client for each app (backend and front end). If so, what is the access type for each client?

What is the configuration that you went with in your case?

Thank you so much

Hi @boukmi. Sorry I didn’t reply sooner. I have ended up with a frontend client with access type public and a backend client with access type confidential. I went with confidential because I wanted to enable a service account so that I can assign roles to the client to use with other microservice clients.

@apapia @boukmi I’ve just seen this discussion now. I have implemented a project that looks similar to what you guys are looking for. It’s this one

I hope it helps

Thank you @ivangfr. I will definitely take a look at this.