Skip to content

Commit 8b55c46

Browse files
docs: working on keycloak server documentation.
1 parent 05c66c1 commit 8b55c46

2 files changed

Lines changed: 35 additions & 9 deletions

File tree

README.md

Lines changed: 35 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -98,14 +98,19 @@ export function initializer(keycloak: KeycloakService): () => Promise<any> {
9898
### Keycloak
9999

100100
Besides configuring the keycloak lib in your application it is also necessary to setup the
101-
access for the account and the client applications that you intend to protect.
101+
access - scope for the **account** client.
102102

103-
In this documentation we are supposing that you already installed, configured your Keycloak
104-
instance and created the client app.
103+
In this documentation we suppose that you already installed and configured your Keycloak
104+
instance, as well created the client app.
105105

106-
> TODO add screens
106+
**Hint:** If you need to create an environment for testing purposes, try out the [Keycloak demo](http://www.keycloak.org/downloads.html).
107107

108-
There is also a setup in [Keycloak](http://www.keycloak.org/) to be done, giving the right
108+
109+
#### Client configuration
110+
111+
When requesting the method to get the User's Profile, the client app should have the scope and access to the account **view-profile** role. To do it, access **Clients** :arrow_right: **My-app** :arrow_right: **Scope**. Select the **account** app in Client Roles and assign the view-profile role.
112+
113+
![keycloak-account-scope](./docs/images/keycloak-account-scope.png)
109114

110115
## AuthGuard
111116

@@ -151,15 +156,36 @@ export class AppAuthGuard extends KeycloakAuthGuard {
151156
}
152157
```
153158

154-
155-
156159
## HttpClient Interceptor
157160

158-
> TODO documentation
161+
By default all HttpClient requests will add the Authorization header in the format of: Authorization: Bearer ***TOKEN***.
162+
163+
There is also the possibility to exclude a list of URLs that should not have the authorization header. The excluded list must be informed in the keycloak initialization. For example:
164+
```js
165+
try {
166+
await keycloak.init({
167+
config: {
168+
url: 'http://localhost:8080/auth',
169+
realm: 'your-realm',
170+
clientId: 'client-id'
171+
},
172+
initOptions: {
173+
onLoad: 'login-required',
174+
checkLoginIframe: false
175+
},
176+
bearerExcludedUrls: [
177+
'/assets',
178+
'/clients/public'
179+
],
180+
});
181+
resolve();
182+
} catch (error) {}
183+
```
159184

160185
## Contributing
161186

162-
> TODO documentation
187+
If you want to contribute to the project, please check out the [contributing](CONTRIBUTING.md)
188+
document.
163189

164190
## License
165191

73.4 KB
Loading

0 commit comments

Comments
 (0)