Interface Authorization
Overview
This project uses token-based authentication with Keycloak integration. The authentication process is managed through custom functions defined in customFetch.js.
Key Functions
refreshTokenAndRetry(request)
Handles token refresh when a request fails due to an expired token:
- Updates the token using Keycloak.
- Updates cookies with new token information.
- Retries the original request with the new token.
customFetch(request)
A wrapper around the fetch API that handles authentication:
- Attempts the initial request.
- If a 401 (Unauthorized) response is received, it attempts to refresh the token and retry the request.
getApiBaseUrl()
Dynamically determines the API base URL based on the current page URL.
uploadFileWithProgress(endpoint, formData, onUploadProgress)
Handles file uploads with progress tracking and token refresh capabilities.
Authentication Flow
- Initial requests include the access token from cookies.
- If a request fails due to an expired token (401 response):
  a. The token is refreshed using Keycloak.
  b. Cookies are updated with the new token information.
  c. The original request is retried with the new token.
- If token refresh fails, the user is redirected to the Keycloak login page.
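The flow above, written out as an added example (this is not the project's customFetch.js): the cookie-stored access token goes into the Authorization header, a 401 triggers one Keycloak refresh and one retry, and a failed refresh hands control to the login redirect instead of retrying. The keycloak, cookies, fetchImpl and onAuthFailure objects are assumed, injected interfaces so the example runs offline; the stub backend and the stale/fresh tokens are constructed.

```javascript
// Added example, not the project's customFetch.js: attach the cookie-stored
// access token as a Bearer Authorization header, and on a 401 refresh through
// Keycloak and retry exactly once. keycloak, cookies, fetchImpl and
// onAuthFailure are injected (assumed interfaces) so this runs offline.
function makeCustomFetch({ keycloak, cookies, fetchImpl, onAuthFailure }) {
  const withAuth = (request, token) => ({
    ...request,
    headers: { ...(request.headers || {}), Authorization: `Bearer ${token}` },
  });
  async function refreshTokenAndRetry(request) {
    // Keycloak JS adapter: updateToken(minValidity) resolves true if refreshed.
    let refreshed = false;
    try { refreshed = await keycloak.updateToken(30); } catch (e) { refreshed = false; }
    if (!refreshed) {
      onAuthFailure();         // the real app redirects to the Keycloak login page
      return { status: 401 };  // surface the failure; never loop on repeated 401s
    }
    cookies.set('access_token', keycloak.token);
    return fetchImpl(withAuth(request, keycloak.token));
  }
  async function customFetch(request) {
    const res = await fetchImpl(withAuth(request, cookies.get('access_token')));
    return res.status === 401 ? refreshTokenAndRetry(request) : res;  // single retry
  }
  return { customFetch, refreshTokenAndRetry };
}

// Constructed scenario: the cookie holds a stale token and the stub backend
// accepts only 'fresh'; refreshWorks controls whether Keycloak can refresh.
async function runScenario(refreshWorks) {
  const jar = { access_token: 'stale' };
  const cookies = { get: (k) => jar[k], set: (k, v) => { jar[k] = v; } };
  const keycloak = { token: 'stale', updateToken: async () => {
    if (!refreshWorks) throw new Error('refresh token expired');
    keycloak.token = 'fresh';
    return true;
  } };
  const sent = [];  // Authorization headers the stub backend received
  const fetchImpl = async (req) => {
    sent.push(req.headers.Authorization);
    return { status: req.headers.Authorization === 'Bearer fresh' ? 200 : 401 };
  };
  let redirected = false;
  const { customFetch } = makeCustomFetch({ keycloak, cookies, fetchImpl,
    onAuthFailure: () => { redirected = true; } });
  const res = await customFetch({ url: '/api/items', headers: {} });
  return { status: res.status, sent, cookie: jar.access_token, redirected };
}
```

Because the retry is bounded to a single attempt, a backend that keeps answering 401 cannot drive the client into an endless refresh loop; the failure is returned to the caller and the login redirect takes over.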
Security Notes
- Access tokens are stored in cookies and are included in the Authorization header of each request.
- Token refresh is handled automatically when a request fails due to an expired token.
- HTTPS should be used in production to secure token transmission.
Development Considerations
- The getDevToken() function is available for development purposes but should not be used in production.
- Ensure Keycloak is properly configured in your development and production environments.
- Be cautious when modifying the authentication flow to maintain security.
For any changes to the authentication process, consult with the security team to ensure best practices are followed.