I am trying to secure a Spring Boot Application with Angular as frontend. Therefore I am using keycloak-angular and keycloak-js.
In every example you can find, it is always assumed that all routes should be secured. I now have some routes that are openly accessible:
    {
      path: 'dashboard',
      component: DashboardComponent,
      resolve: {
        data: LayoutResolver
      }
    },
    {
      path: 'add-news',
      component: AddNewsComponent,
      canActivate: [AdminAuthGuard]
    },
My APP_INITIALIZER looks like this:
    function initializeKeycloak(keycloak: KeycloakService) {
      return () =>
        keycloak.init({
          config: {
            url: environment.keycloakUrl,
            realm: environment.keycloakRealm,
            clientId: environment.keycloakClientId,
          },
          initOptions: {
            onLoad: 'check-sso',
            silentCheckSsoRedirectUri:
              window.location.origin + '/assets/silent-check-sso.html',
          }
        });
    }
Everything works fine. However, when I am on the dashboard and reload the page, I seem to lose my authentication. keycloakService.isLoggedIn always returns "false". What am I doing wrong? I expect to still be logged in in this case.
For us the solution was to add:
to the initOptions in the keycloak.init method.
Thanks to a colleague