Webview in mobile with access token

SKDragon18 · March 9, 2025, 2:37pm

Hello everyone, i want to know how to imbed access token to webview to authen through apisix and keycloak. Please help me if you know.
Regardless of the method you have tried:

Cookie
Header Authorization
Param Encode in URL.

This is my setting in apisix:

{
  "uri": "/service",
  "name": "Service",
  "plugins": {
    "authz-keycloak": {
      "_meta": {
        "disable": false
      },
      "access_token_expires_in": 300,
      "access_token_expires_leeway": 0,
      "cache_ttl_seconds": 60,
      "client_id": "object_removal",
      "client_secret": "ruo5IxxF0v",
      "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
      "http_method_as_scope": false,
      "keepalive": true,
      "keepalive_pool": 5,
      "keepalive_timeout": 60000,
      "lazy_load_paths": false,
      "permissions": [
        "Removal"
      ],
      "policy_enforcement_mode": "ENFORCING",
      "refresh_token_expires_in": 3600,
      "refresh_token_expires_leeway": 0,
      "ssl_verify": true,
      "timeout": 3000,
      "token_endpoint": "http://host.docker.internal:8080/realms/apisix_test_realm/protocol/openid-connect/token"
    },
    "cors": {
      "allow_headers": "Authorization, Content-Type",
      "allow_methods": "GET, POST, OPTIONS",
      "allow_origins": "*"
    }
  },
  "upstream": {
    "nodes": [
      {
        "host": "host.docker.internal",
        "port": 8501,
        "weight": 1
      }
    ],
    "timeout": {
      "connect": 6,
      "send": 6,
      "read": 6
    },
    "type": "roundrobin",
    "scheme": "http",
    "pass_host": "pass",
    "keepalive_pool": {
      "idle_timeout": 60,
      "requests": 1000,
      "size": 320
    }
  },
  "status": 1
}

SKDragon18 · March 9, 2025, 2:39pm

Expect: access http://127.0.0.1:9080/service

Kostia · March 22, 2025, 8:51am

Maybe I got something wrong, but typically, WebView-like approaches are used to perform front-channel authentication. Then, in the back-channel part of the authorization code flow, you exchange the authorization code (retrieved via redirect) for a token, store the token in the keychain, and reuse it for interacting with your backends. The WebView, in this case, just operates with cookies (sso cookies) that could be useful for cookies based SSO authentication between mobile apps that reuse the same webview

Topic		Replies	Views
Need help with Access Token via Mobile APP and SSO with other APP in webview Getting advice oidc , saml , token-exchange	2	208	April 19, 2024
Flutter webview access token to keycloak account page	0	55	July 24, 2024
Apache webdav using oidc Configuring the server authentication , oidc	0	2432	March 4, 2020
Setup WebAuthn on Mobile Getting advice authentication	2	347	March 12, 2025
Request Access Token with content-type application/json	3	7595	July 6, 2021

Webview in mobile with access token

Related topics