How to get an auth code from Keycloak(OAuth2 standard flow) in a JEE-Maven project?

Question

I need to secure a web-app, the backend will be Java Rest API, meanwhile I'll use Angular for my front. I am using Keycloak to authenticate into my webapp, but I need to follow the standard flow of OAuth, that means I need to get first the auth code and then the access&refresh tokens. I saw some configuration, but they're all related to Spring, like putting this code in application.properties

# keycloak properties
keycloak.realm = services
keycloak.auth-server-url = http://127.0.0.1:8080/auth
keycloak.ssl-required = external
keycloak.resource = todo-api
keycloak.use-resource-role-mappings = true
keycloak.security-constraints[0].authRoles[0]=users
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/api/todo/*

The thing is in my project I don't have an application.properties file. I've created a client in Keycloak, how do I have to configurate my JEE project to get the auth code?

Thanks a lot

Answer 1

You will need to log into Keycloak and select your realm and client "todo-api". Select the Installation tab and usually the Keycloak OIDC JSON format. This will create a configuration file that your frontend application will use for managing keycloak. To enforce the Auth code flow, disable the "Implicit Flow Enabled" and "Direct Access Grants Enabled" setting on the "todo-api" client.