I have multiple services running on localhost:8080. For example:
a) GET localhost:8080/idtest/{id}
b) POST localhost:8080/idtest
and to test them I use POSTMAN.
I want to protect these services with Keycloak authentication when they are triggered. Hence, I got the Keycloak server installed and created a realm, client and role mapping.
Is there a possibility to add authentication in general to all APIs with the same root path just at one place?
Using Golang for implementation.
In the Keycloak client page:
Base URL: localhost:8080
Redirect URL: localhost:8080/test
I have followed this procedure in my localhost client.
As per it, when I am running localhost:8080 on my browser, I get redirected to http://localhost:8080/test and I get the below JSON:
    {
      "OAuth2Token": {
        "access_token": "eyJhbGciOiJSUzI1Ni",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIs",
        "expiry": "2019-07-16T17:41:43.4884786-04:00"
      },
      "IDTokenClaims": null
    }
Now when I am using POSTMAN with my header type Authorization - Bearer "access token retrieved from above JSON" for
1) http://localhost:8080
I again get the HTML for the Keycloak login, but when I am using the browser to hit http://localhost:8080 it is redirecting me to the localhost:8080/test page.
How can I test it from POSTMAN? What am I doing wrong?
2) http://localhost:8080/idtest/12345
this service runs seamlessly irrespective of the access token. I want to know how I can add this under the umbrella of the same authentication. I read about single sign-on for multiple clients, but these services belong to the same client.
I tried adding them as resources under the Authorization tab of the client. Do I need to make any changes in the code as well? How can I do it?
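
The goal stated in the question, guarding every route in one place, as an added example (not code from the post or from Keycloak): a net/http middleware wraps the whole mux, verifies the RS256 signature and expiry of the bearer token, and answers 401 otherwise. The names `protect`, `validToken` and `demoKey` are hypothetical, and a throwaway RSA key generated at startup stands in for the realm's signing key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the realm's signing key

// validToken checks an RS256 JWT's signature and expiry; alg is fixed, not read from the header.
func validToken(raw string, key *rsa.PublicKey) bool {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return false
	}
	var c struct{ Exp int64 } // a missing "exp" claim decodes to 0 and is rejected
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	return err == nil && json.Unmarshal(body, &c) == nil && time.Now().Unix() < c.Exp
}

// protect wraps a whole handler tree, so every route behind it needs a token.
func protect(next http.Handler, key *rsa.PublicKey) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if !strings.HasPrefix(h, "Bearer ") || !validToken(h[7:], key) {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized) // 401, no login redirect
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	mux := http.NewServeMux() // every route is registered on this one mux
	mux.HandleFunc("/idtest/", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok")) })
	http.ListenAndServe("localhost:8080", protect(mux, &demoKey.PublicKey))
}
```

Because the wrapper is applied to the mux rather than to individual handlers, a route added later is covered without further changes.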