Token Mediation / BFF Pattern Authentication Pattern Redirect #454

Open
safaci2000 opened this issue Dec 20, 2023 · 0 comments

Is your feature request related to a problem? Please describe.
Is the Token Mediation pattern supported by gocloak? I've looked over the docs but honestly couldn't find a way of doing it.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#name-token-mediating-backend

Describe the solution you'd like
The ability to redirect a user to Keycloak for authentication.

Additional context

                            +-------------+  +--------------+ +--------------+
                            |             |  |              | |              |
                            |Authorization|  |    Token     | |   Resource   |
                            |  Endpoint   |  |   Endpoint   | |    Server    |
                            |             |  |              | |              |
                            +-------------+  +--------------+ +--------------+

                                ^                        ^              ^
                                |                     (F)|           (K)|
                                |                        v              v

                                |         +-----------------------------------+
                                |         |                                   |
                                |         |    Backend for Frontend  (BFF)    |
                             (D)|         |                                   |
                                |         +-----------------------------------+
                                |
                                |           ^     ^     ^     +       ^  +
                                |      (B,I)|  (C)|  (E)|  (G)|    (J)|  |(L)
                                v           v     v     +     v       +  v

+-----------------+         +-------------------------------------------------+
|                 |  (A,H)  |                                                 |
| Static Web Host | +-----> |                    Browser                      |
|                 |         |                                                 |
+-----------------+         +-------------------------------------------------+

When no active session is found, the JavaScript application calls out to the BFF (C) to initiate the Authorization Code flow with the PKCE extension (described in Section 6.1.3.1), to which the BFF responds by redirecting the browser to the authorization endpoint (D). When the user is redirected back, the browser delivers the authorization code to the BFF (E), where the BFF can then exchange it for tokens at the token endpoint (F) using its client secret and PKCE code verifier.

@safaci2000 safaci2000 changed the title Token Mediation / BFF Pattern Token Mediation / BFF Pattern Authentication Pattern Redirect Dec 20, 2023
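The BFF side of steps (C) to (F) quoted in the issue can be sketched with the Go standard library alone. This is an added example, not gocloak code and not part of the original issue: it builds the redirect with `state` and a PKCE S256 challenge, then checks `state` on the callback before preparing the token request body. The Keycloak host, realm, client ID and callback URL are constructed placeholders, and the type and function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

type AuthRequest struct{ State, Verifier, RedirectURL string } // kept in the BFF session, (D) to (E)

func randomToken() string { // 32 CSPRNG bytes -> 43 base64url characters
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Challenge derives the PKCE S256 code_challenge from a verifier (RFC 7636).
func Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// NewAuthRequest builds the step (D) redirect to the authorization endpoint.
func NewAuthRequest(authEndpoint, clientID, callback string) AuthRequest {
	a := AuthRequest{State: randomToken(), Verifier: randomToken()}
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {callback}, "scope": {"openid"}, "state": {a.State},
		"code_challenge": {Challenge(a.Verifier)}, "code_challenge_method": {"S256"}}
	a.RedirectURL = authEndpoint + "?" + q.Encode()
	return a
}

// ExchangeForm checks the state returned in (E), then builds the (F) body.
func (a AuthRequest) ExchangeForm(state, code, clientID, secret, callback string) (url.Values, error) {
	if subtle.ConstantTimeCompare([]byte(state), []byte(a.State)) != 1 {
		return nil, fmt.Errorf("state mismatch: callback is not for this session")
	}
	return url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {callback},
		"client_id": {clientID}, "client_secret": {secret}, "code_verifier": {a.Verifier}}, nil
}

func main() { // host, realm and client below are constructed placeholders
	a := NewAuthRequest("https://keycloak.example/realms/demo/protocol/openid-connect/auth", "bff-client", "https://app.example/bff/callback")
	fmt.Println("302 Location:", a.RedirectURL)
}
```

The verifier and client secret never leave the BFF; only `RedirectURL` is sent to the browser, and the returned form is POSTed to the token endpoint by the backend.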