tliebrand.com Private homepage of Thomas Liebrand

SSO

  • Authenticate keycloak access token in Laravel


    Preamble

    Keycloak provides an OpenID Connect compliant single sign-on (SSO) server. We use it to authenticate our users; the backend then validates the access token Keycloak issued in order to authorize each request.

    This lets us separate the front end from the backend, for example a JavaScript front end such as Nuxt talking to an API backend built with Laravel. The same authentication can then be reused by many other clients.

    Overview

    • Create a Laravel backend

    • require 'robsontorio/keycloak'

    • create a Keycloak client and configure it

    • copy the public certificate (the realm's signing key) which is used to validate the access token's signature

    • create a user class

    • put it together

    • show that it works

  • How to authorize Nuxt against keycloak

    keycloak login

    Problem set

    We want to build a single page web app (SPA) and log a user in (authenticate) against a single sign-on server (SSO).

    For the SSO we use Keycloak, an open source, OpenID Connect compliant authorization server.
    To build the SPA we use Nuxt (Vue) and the `@nuxtjs/auth` package, configured for the authorization grant we need.
    Because we are building a SPA, all of its code can be read by any third party, so it is a public client that cannot keep a client secret. The proper authorization grant is therefore the `Authorization code flow with PKCE`: the code verifier proves that the party exchanging the authorization code is the one that started the login, which is the job a client secret would otherwise do, and tokens never travel in the URL as they would with the implicit flow.