Completely exclude some routes from keycloak

See original GitHub issue

- [ ] bug report -> please search for issues before submitting
- [x] feature request

Versions.

6.0.1

Desired functionality.

I have a router with several endpoints. Keycloak service is initialised in root app module with APP_INITIALIZER as described in manual. During the initialization process, keycloak performs redirect to sso page and back. What I need: do NOT perform keycloak initialization and any redirections for some routes at all. How can I achieve this for now?

Issue Analytics

State:
Created 4 years ago
Reactions:10
Comments:12 (1 by maintainers)

Top GitHub Comments

7reactions

dsarceviccommented, Oct 17, 2019

I wanted to ask the same question, so is there any suggestions @mauriciovigolo regarding this?

To be more accurate, we want routes like ‘/about’, ‘/signup’ publicly accessible. If we exclude mentioned paths from bearerInterceptor, users are still redirected to KC login. If we disable bearer interceptor, than we have manual control using guards and interceptors, but we are not sure is that good way.

We are tried to initialize KeycloakService during app initialization like this:

        await keycloak.init({
          config: environment.keycloakConfig,
          loadUserProfileAtStartUp: false,
          initOptions: {
            onLoad: 'check-sso',
            checkLoginIframe: false
          },
          bearerExcludedUrls: ['/about','/signup'],
          bearerPrefix: 'KC-Bearer'
        });

Except initial approach (by disabling bearerInterceptor), we could place all private routes under private module and initialize Keycloak there as weihsth suggested.

4reactions

singhvivek2503commented, Dec 13, 2019

Hi @mauriciovigolo , We tried to implement guard which would allow that users without authentication can access to public urls (and not access to protected pages), but if we initialize Keycloak instance as I copied above (using initializer function in app.module), guard is ignored and users are always redirected to Keycloak login.

As I said, if we disable bearerInterceptor and manually put Bearer in header on places where user is authenticated, than we can achieve desired behaviour, but we are not sure is that good approach.

Do you have any idea when we can expect 8.0.0?

p.s. Many thanks for great library

Hi @mauriciovigolo

Any updates on this? I am facing similar blocker issue for my angular app

Top Results From Across the Web

how to exclude some angular components from authentication ...

in this post, we will see how to exclude some angular components from authentication in keycloak, Keycloak is an Open Source Identity and ......

Exclude specific page urls from Keycloak Authentication

I would like to exclude this page from keycloak authentication process. I already tried bearerExcludedUrls keycloak config & it doesn't help ...

How to secure some routes in angular - Keycloak Discourse

I installed keycloak package for angular and it works fine, but now I have two pages that do not need to be redirect...

Server Administration Guide - Keycloak

A user will not be able to complete the authentication process until ... Also, you cannot save metadata except for user profile metadata ......

keycloak-angular - Awesome JS

A HttpClient interceptor that adds the authorization header to all HttpClient requests. It is also possible to disable this interceptor or exclude routes...