This directory contains a sample server-side web application (Hapi.js-based) that authenticates users against Keycloak using the OAuth 2.0 Authorization Code Grant.
It uses both the keycloak-connect and keycloak-hapi libraries to minimize the code that needs to be written.
- A running instance of Keycloak with a realm and a confidential client configured according to the application.yaml, with Standard Grant enabled.
- Installed NodeJS
- Installed all dependencies:
npm install
The authorization code grant is the most commonly used because it is optimized for server-side applications, where source code is not publicly exposed, and Client Secret confidentiality can be maintained. This is a redirection-based flow, which means that the application must be capable of interacting with the user-agent (i.e. the user's web browser) and receiving API authorization codes that are routed through the user-agent.
To run this flow, type the following command:
npm start
Visit localhost:8888 and try to sign in as jsnow:jsnow.
Once signed in, navigate to the restricted part of the app.
In the meantime, observe the server logs for access token traces.