How to SECURE My Microservices Architecture (REACTJS + SPRING CLOUD GATEWAY) With Keycloak

preview_player
Показать описание
In this video I show how to connect a React application to a Spring Cloud Gateway backend using Keycloak as an Authorization Server.

Content:
* What's the difference between the backend authentication workflow and the frontend authentication workflow with Keycloak;
* What's the PKCE Authorization Code Flow;
* How is the API Gateway configured with a connected React application;
* How is the resources server configured to be connected with Keycloak;
* How to connect a React application with Keycloak;
* How to register a public client in Keycloak.

Icons:
* File by Alwin Aulia from Noun Project
* Lock by Aya Sofya from Noun Project
* Police by James Smith from Noun Project
  1. The Dev World - by Sergio Lema
  2. java
  3. keycloak
  4. react
  5. spring security
  6. api gateway
Рекомендации по теме
Microservices Security Architecture 0:08:02

Microservices Security Architecture (+ Cybersecurity basics)

Microservices Authentication/Authorization architectural 0:10:03

Microservices Authentication/Authorization architectural pattern

Secure Your Microservices 0:24:53

Secure Your Microservices Using Keycloak | Spring Cloud Gateway | JWT | JavaTechie

Microservices Security Using 1:25:32

Microservices Security Using JWT | Spring Cloud Gateway | JavaTechie

How to secure 0:53:51

How to secure your Microservices with Keycloak - Thomas Darimont

How to SECURE 0:14:19

How to SECURE My Microservices Architecture (REACTJS + SPRING CLOUD GATEWAY) With Keycloak

How to Secure 1:00:13

How to Secure Your Microservices Architecture With JSON Web Tokens

Securing microservices: a 0:52:14

Securing microservices: a practical guide by Katherine Stanley & Adam Pilkington

2024 Java Microservices 0:13:24

2024 Java Microservices Architecture| Monolithic vs Microservices with Spring Cloud: Episode-2

Securing #microservices using 0:05:58

Securing #microservices using #apigateway | #authentication & #authorisation in #microservices

Implementing Microservices Security 0:46:26

Implementing Microservices Security Patterns & Protocols with Spring Security by Joe Grandja

Spring Cloud API 0:15:17

Spring Cloud API Gateway | JWT Security | Pass UserDetails to Microservices | JavaTechie

Top 10 Security 0:38:11

Top 10 Security Best Practices to secure your Microservices - AppSecUSA 2017

How To Secure 0:37:59

How To Secure Your MicroServices - Andy Davies

Securing Spring Boot 0:32:38

Securing Spring Boot Microservices with Keycloak using OpenID | OAuth2.0 | JavaTechie

Microservices Explained in 0:05:17

Microservices Explained in 5 Minutes

Implementing Microservices Security 1:10:35

Implementing Microservices Security Patterns and Protocols with Spring Security

Secure Your Microservices 0:26:40

Secure Your Microservices with Spring Security and OAuth

Securing Microservices with 0:55:48

Securing Microservices with API Key Based Auth - Spring Cloud Gateway | JavaTechie

Microservices Security | 0:21:55

Microservices Security | Best Practices To Secure Microservices | Microservices | Edureka Rewind

Protect Your Microservices 0:28:10

Protect Your Microservices with Spring Cloud Gateway

Microservices Security - 0:07:57

Microservices Security - The Complete Guide (1/58)

Spring Boot Microservices 0:18:44

Spring Boot Microservices Tutorial - Part 6 - Security using Keyloak

Security and Microservices 1:00:49

Security and Microservices by Sam Newman

Комментарии
Автор

Finally, find what I looked for. Really thanks and perfect video. keep doing more please

manee
Автор

Thank you very much. You explain very complicated things in very clear language

katacode
Автор

now i know how to implement pkce authorization with react ! thanks !

damjuve
Автор

Could you please make video to demo BFF pattern ( Backend for FrontEnd). BFF is thought more secure than PKCE flow.

wanggewg
Автор

TUSM. Great content. Just one thing - you have been writing OIDC, Open ID Connect ... but you pronounce OI-SEE-d, lol xD

techlead_ashu
Автор

Great tutorial! But I have one question, what if there is multiple backend resources? Do i need to add security config in each microservice?

Mateusz-dlmr
Автор

Hey Sergio, thanks for a great tutorial. I've been looking for one covering both a backend and frontend connected to keycloak. I was wondering how you would implement redirect when logging out? As of this tutorial the logout button works but it doesn't take you back to the index page. I've been trying to use your solution for the signin callback, but with no luck. How would you implement the callback for logout?

PatrikM
Автор

in your project you're still on version 2.7.1; any update concerning spring <version>3.0.2</version> and keycloak? thanks

daniellaerachannel
Автор

Thanks for the video. However, I have a question.
Is there a way to login to keycloak without redirecting to the keycloak login page? I have a custom login screen in my ReactJS app and I want to make use of it instead.

stanleynyekpeye
Автор

Agree, I think resource server brings us too much overhead given microservices in reality hides behind the gateway and frontend cannot access it directly. So I would like to see a solution where we only parse the token in gateway once via some filter. And then pass the the resolved userId to microservcies through some http header(Not pass token, this way we don't need to set each and every micro-service as a resource server.

songbaiyin
Автор

Hello! i'm trying to replay this situation and i have a CORS issue. Any idea?

maxi
Автор

Hi, It seems, in this scenario, the role of the cloud gateway api is just to convey the request to different resource server(backend resources) endpoints? It has no contribution to the security. Here the first line of action takes place with the user requesting the react frontend, which redirects the user to keycloak login page if the user not logged in? In some scenarios where the cloud gateway is a part of the security and is the first line of action, and its called BFF(backend for front end), if I am not mistaken. Is that right?

codingstyle
Автор

Really great tutorial! Is there a way to create my own React login screen that could be used with keycloak? Thanks!

poomc
Автор

Hi! I have a doubt. I have a Web site that must access protected API. I have a Spring Cloud gateway and some microservices and here I implemented the authorization based on roles.. Now I followed the way to register the Gateway as confidential client on Keycloak and store in it client_id and secret_id. I was wondering if this way was better and what the differences were. Thanks

andreamonte
Автор

How do you allow post requests using this keycloak flow?

I am always getting back a missing csrf token error. Any idea how to configure this or to disable csrf?

treefrog
Автор

Great Video. It helped me a lot...We are planning to use Spring 3.1 Authorization server . I am tryin to use the React Code to connect to Spring Auth server. Login Screen is comming and the login is successful.. but in the end I am getting the following error in the signin-callback.html : No matching state found in storage. Could you please tell me how to fix this issue. With Keycloak it is fine....Thanks

rajeevjayaram
Автор

Could gateway be also a resource server so it can validate tokens? In my case I get Cors error: Missing allow origin header in preflight request, I already tried several ways to enable Cors with no luck.

poseidonzf
Автор

ITM - Всем здарова! Вам тоже сложно даются видосы на инглише?

rustemzinnatullin
Автор

Hi sergio, have a question, what about registration?

cristianpadilla
Автор

Video is nice, but if you had less content switched back and fort to your face - it would be way better.

EugeneZimin