Inter-backend REST Communication with Keycloak-secured Services

I am working with two web applications, each consisting of a frontend implemented in AngularJS and a backend built with Java. The frontend of each application utilizes a unique keycloak.json configuration file for public access, while the backends are set up with keycloak.json files designated for bearer-only access. Currently, each frontend successfully interacts with its corresponding backend. My goal now is to establish REST communication between the two backends. What steps should I take to accomplish this, considering that the REST services on both backends require token validation for secure access?

Why don't you explore service accounts in Keycloak? They allow server-to-server communication without front-end involvement. Just configure each backend as a client with a service account and use the generated tokens for REST calls. Don't forget to map the roles required for the calls you want to make!

To establish REST communication between your two Keycloak-secured backends, you can configure mutual trust using client credentials. Begin by creating each backend as a Keycloak client. Then, set up client credentials (either client-secret or JWT) for server-to-server authentication. You can then acquire an access token using these credentials via the Keycloak token endpoint. Ensure the assigned roles and realm permissions match the required access on each backend, and implement token validation in the backend processing the inbound request to secure the communication.
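The client-credentials flow described in the answer above, sketched as an added example (not part of the original post and not Keycloak's own code): backend A requests a token from the realm's token endpoint with its own client id and secret, then presents it as a bearer token to backend B. The client id `backend-a`, realm `demo-realm`, path `/api/orders`, the secret and the local stub server are constructed placeholders; it assumes service accounts are enabled for the calling client, and in a real deployment the secret comes from configuration and both calls go over TLS.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.regex.*;

public class ServiceAccountCall {
    static final HttpClient HTTP = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
    // authServerUrl and realm correspond to "auth-server-url" and "realm" in keycloak.json.
    static URI tokenEndpoint(String authServerUrl, String realm) {
        return URI.create(authServerUrl.replaceAll("/+$", "") + "/realms/" + realm + "/protocol/openid-connect/token");
    }
    // Client-credentials grant: the calling backend authenticates as itself, no user involved.
    static String fetchToken(URI endpoint, String clientId, String clientSecret) throws Exception {
        String form = "grant_type=client_credentials&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
                + "&client_secret=" + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(endpoint)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        HttpResponse<String> res = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
        if (res.statusCode() != 200) throw new IllegalStateException("token request failed: HTTP " + res.statusCode());
        // Regex keeps the example dependency-free; use a JSON parser in real code.
        Matcher m = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"").matcher(res.body());
        if (!m.find()) throw new IllegalStateException("no access_token in token response");
        return m.group(1);
    }
    // The receiving bearer-only backend validates this header before serving the request.
    static String callBackend(URI api, String token) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(api).header("Authorization", "Bearer " + token).GET().build();
        return HTTP.send(req, HttpResponse.BodyHandlers.ofString()).body();
    }
    public static void main(String[] args) throws Exception {
        // Constructed local stub standing in for Keycloak and backend B so the demo runs offline.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/", ex -> {
            String body = ex.getRequestURI().getPath().endsWith("/token")
                    ? "{\"access_token\":\"constructed.sample.token\",\"token_type\":\"Bearer\"}"
                    : "backend B received Authorization: " + ex.getRequestHeaders().getFirst("Authorization");
            byte[] out = body.getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(200, out.length);
            ex.getResponseBody().write(out);
            ex.close();
        });
        stub.start();
        String base = "http://127.0.0.1:" + stub.getAddress().getPort();
        String token = fetchToken(tokenEndpoint(base + "/auth", "demo-realm"), "backend-a", "constructed-secret");
        System.out.println(callBackend(URI.create(base + "/api/orders"), token));
        stub.stop(0);
    }
}
```

Against a real realm, replace the stub URL with the `auth-server-url` from keycloak.json; the stub accepts any credentials, so it only shows the request shapes, not Keycloak's checks.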

Hey, have you considered playing around with a token exchanger? I heard Keycloak provides it and it might simplify swapping tokens between your services. Could be ideal to manage secure interactions without hassle. Anyone got experience with token exchange for interservice communication in similar setups? I'm curious how well it works! :blush: