Hello, first of all, thank you for making this package. I am a beginner in Spring Boot and have been learning Spring Security and Keycloak these past days; however, I can't find an updated tutorial about how to use both in their latest environment. Most of the repositories I found on the internet are either deprecated or use Java and old Keycloak adapters. Thus, it is hard for me to get started. I have found your repository, and I am thankful for how you use the updated version of each framework and simplify the authorization filter process of Spring. I have finally been able to use your sample tutorial in this repo after spending days on how to configure Keycloak and configuring its roles and scope. Although the repository does not primarily specify using Keycloak as an OIDC auth server, I would love to ask what's the best way to handle Keycloak login and user registration as of today. Like you said in Stack Overflow
Replies: 1 comment
Authorization-code, which is the OAuth2 flow to authenticate users, is initiated when a client redirects the resource-owner (user) to the authorization-server. Resource-server is not involved in authorization-code flow. Most authorization-servers provide a customizable UI for user login / registration (this includes Keycloak): just redirect users to the authorization endpoint.

There are way too many client frameworks (and applications like Postman) for this repo to cover it: Angular, React, Vue, Flutter, iOS, Android, JSPs, PHP and so many others. How to handle redirects to and from the authorization-server, exchange authorization-code for an access-token, token refreshing, adding Authorization header with bearer access-token to requests sent to protected routes, logout, etc. changes with each framework and is not in the scope of what I'm doing here: securing the resource-server and unit-testing security rules. Find a lib to help you with your client framework (I'm using https://github.com/damienbod/angular-auth-oidc-client for Angular) and refer to its documentation. Maybe I will consider adding the above paragraph to the tutorials README, but I'm not sure I could do much more.
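The client-side half of the authorization-code flow described in the reply above, as an added example that is not part of the original discussion or of the repository: it builds the redirect to the authorization endpoint with PKCE (RFC 7636) and checks `state` on the callback before preparing the code-for-token exchange. The realm, client id and host names are constructed, and the endpoint paths assume a current Keycloak whose issuer is `https://<host>/realms/<realm>`; an OIDC client library performs these same steps for you.

```javascript
const crypto = require("node:crypto");

// Constructed sample configuration (hypothetical realm, client and hosts).
const CONFIG = {
  issuer: "https://keycloak.example/realms/demo",
  clientId: "demo-spa",
  redirectUri: "https://app.example/callback",
  scope: "openid profile",
};
const b64url = (buf) => buf.toString("base64url");

// Step 1: the client redirects the user to the authorization endpoint.
function buildAuthorizationRequest({ issuer, clientId, redirectUri, scope }) {
  const state = b64url(crypto.randomBytes(16));        // binds the callback to this request
  const codeVerifier = b64url(crypto.randomBytes(32)); // stays in the client until step 2
  const codeChallenge = b64url(crypto.createHash("sha256").update(codeVerifier).digest());
  const url = new URL(`${issuer}/protocol/openid-connect/auth`);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri,
    scope, state, code_challenge: codeChallenge, code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, codeVerifier };
}

// Step 2: validate the redirect back, then prepare the code-for-token exchange.
function buildTokenRequest(callbackUrl, pending, { issuer, clientId, redirectUri }) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) throw new Error(`authorization failed: ${params.get("error")}`);
  const returned = Buffer.from(params.get("state") ?? "");
  const expected = Buffer.from(pending.state);
  // A callback whose state does not match the pending request is rejected outright.
  if (returned.length !== expected.length || !crypto.timingSafeEqual(returned, expected)) {
    throw new Error("state mismatch: callback rejected");
  }
  const code = params.get("code");
  if (!code) throw new Error("missing authorization code");
  return {
    endpoint: `${issuer}/protocol/openid-connect/token`,
    body: new URLSearchParams({
      grant_type: "authorization_code", code, redirect_uri: redirectUri,
      client_id: clientId, code_verifier: pending.codeVerifier,
    }).toString(),
  };
}
```

The resource-server never appears in either step; it only sees the bearer access-token that the token endpoint returns.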