PKCE + Backend Exchange & Refresh
Frontend obtains code, backend exchanges, frontend auto-refreshes.
You are logged in!
Authentication Status:
Access Token (truncated):
Refresh Token (truncated):
Setup Steps:
- This file needs to be served via a web server (e.g., Python `http.server` on
`https://spring-3-keycloak-frontend.n-tco.com`).
- Your Spring Boot backend (from the Java code above) must be running (e.g., on
`https://smu-server.n-tco.com`).
- Keycloak must be running (e.g., on `https://smu-server.n-tco.com`).
- **Keycloak Client 1 (Public, for Frontend)**: `smu-lite`
- Client authentication: OFF
- Standard flow enabled: ON
- Valid Redirect URIs: `https://spring-3-keycloak-frontend.n-tco.com/index.html`
- Web Origins: `https://spring-3-keycloak-frontend.n-tco.com`
- **Keycloak Client 2 (Confidential, for Backend)**: `my-backend-service`
- Client authentication: ON (get its secret!)
- Standard flow enabled: ON
- Valid Redirect URIs: `https://spring-3-keycloak-frontend.n-tco.com/index.html` (Crucial:
Must match frontend's
redirect URI!)
- Web Origins: `https://spring-3-keycloak-frontend.n-tco.com`