Using:
- Keycloak for authentication
- React for the client use case
- OPA for the service-side token signature verification use case
Making HTTP requests from inside OPA is not recommended; it is done here only as an example.
cd images/
# run Keycloak, React, and OPA
# nginx proxies them to http://localhost
docker-compose up
Visit http://localhost/
Login info:
- name: myuser
- pwd: myuser
After you authenticate, the page shows the token info.
See the code in src/KeycloakProvider.tsx
Visit http://localhost/verify
After authentication, the page uses the access_token to call the OPA verify API,
which shows the normal process of token verification
(using only the token's issuer configuration).
See the code in images/opa/verify.rego
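One way to write issuer-based verification in Rego, added here as an example and not the contents of images/opa/verify.rego: the issuer read from the token is checked against an allow-list before its discovery document and JWKS are fetched, so the token cannot choose which keys it is verified against. The package name, the input shape, the realm URL placeholder, the `account` audience and RS256 are assumptions.

```rego
package example.verify

import rego.v1

# Assumptions: placeholder realm URL and audience; set both to what your Keycloak realm issues.
trusted_issuers := {"http://localhost/realms/<your-realm>"}
expected_audience := "account"

default allow := false

# Bearer token as forwarded to OPA by the caller (input shape is an assumption).
token := trim_prefix(input.headers.authorization, "Bearer ")

# Decode WITHOUT verifying, only to read the issuer claim.
unverified := io.jwt.decode(token)[1]

# Usable only if allow-listed; otherwise `issuer` is undefined and
# no outbound request is made to a URL taken from the token.
issuer := unverified.iss if unverified.iss in trusted_issuers

# OIDC discovery document published by the trusted issuer (cached for 5 minutes).
discovery := http.send({
	"method": "GET",
	"url": concat("", [issuer, "/.well-known/openid-configuration"]),
	"force_cache": true,
	"force_cache_duration_seconds": 300,
}).body

# Signing keys as a raw JWKS string, the form decode_verify accepts in "cert".
jwks := http.send({
	"method": "GET",
	"url": discovery.jwks_uri,
	"force_cache": true,
	"force_cache_duration_seconds": 300,
}).raw_body

# Checks signature, algorithm, issuer, audience and exp/nbf in one call.
# A token carrying an aud claim fails unless an "aud" constraint is supplied.
verified := io.jwt.decode_verify(token, {
	"cert": jwks,
	"alg": "RS256",
	"iss": issuer,
	"aud": expected_audience,
})

allow if verified[0]

claims := verified[2] if verified[0]
```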
Related technical concepts
What’s the Difference Between OAuth, OpenID Connect, and SAML?
more details in: openid.net
https://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
more details in: oauth.net
more details in Authentication vs. Authorization
more details in: OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead