Best practice to keep in sync the app's own Account with those in Keycloak?

Let’s say we have an Angular app which consumes REST API endpoints of some backend app. This app has its own Account entities, which are basically users that need to get authenticated/authorized.

Once Keycloak comes into the picture, we may run into a situation where there would be a separation between the app’s users and Keycloak’s users.

I’ve given it a bit of thought and came up with something like:

  • since both the app and Keycloak work with REST APIs, it may be convenient to use, during the registration process for example, the form data entered by the user to construct user objects for both the app and Keycloak requests. Then send the first request and wait for it to succeed. If it’s successful, take the id or whatever else is returned, add it to the second object and make the second request
  • if the second request also succeeds, all good; if not, do a rollback

Even if this is an OK approach (in any case, please do suggest better ways!!), I see an issue when using the Identity Providers during registration and subsequent sign ins. Is there anything with those that might help to achieve the same or similar results as with the registration form approach?

User editing
When editing an existing user the same approach would be used - two requests are made, dependent on each other, and executed. Both should be successful, otherwise everything gets rolled back.
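The two-request registration with rollback described in the post, written out as an added example (this is constructed illustration code, not anything from the original post or from Keycloak itself). It assumes the backend orchestrates both requests, creates the Keycloak user first because Keycloak mints the id the local Account will reference, and compensates by deleting the Keycloak user if the local write fails. The `FakeKeycloakAdmin` and `FakeAccountRepo` classes are in-memory stand-ins so the code runs offline; the comments name the real Admin REST API calls they replace. The second function covers the Identity Provider case the post asks about: there is no registration form, so the local Account is created on first sight of a token, keyed on the `sub` claim (the Keycloak user id), which makes the sign-in path idempotent rather than a two-request sequence.

```python
"""Two-step registration across the app's Account store and Keycloak, with a
compensating delete when the second step fails, plus just-in-time account
creation for sign-ins that arrive through an Identity Provider.
Constructed example: the two Fake* classes stand in for the Keycloak Admin
REST API and the app's database so that it runs offline."""
import uuid


class RegistrationError(Exception):
    """Raised when the user could not be created consistently in both places."""


class FakeKeycloakAdmin:
    """In-memory stand-in for the Keycloak Admin REST API (constructed here).
    The real calls would be POST /admin/realms/{realm}/users, which answers
    201 with a Location header ending in the new user id, and
    DELETE /admin/realms/{realm}/users/{id} for the rollback."""

    def __init__(self):
        self.users = {}

    def create_user(self, username, email):
        if any(u["username"] == username for u in self.users.values()):
            raise RegistrationError(f"409 Conflict: {username} already exists")
        user_id = str(uuid.uuid4())
        self.users[user_id] = {"username": username, "email": email}
        return user_id

    def delete_user(self, user_id):
        self.users.pop(user_id, None)


class FakeAccountRepo:
    """In-memory stand-in for the app's Account table, keyed by Keycloak id.
    `fail=True` simulates the second request going wrong (constructed)."""

    def __init__(self, fail=False):
        self.accounts = {}
        self.fail = fail

    def insert(self, keycloak_id, username, email):
        if self.fail:
            raise RuntimeError("database unavailable")
        self.accounts[keycloak_id] = {"username": username, "email": email}
        return self.accounts[keycloak_id]


def register(form, keycloak, accounts):
    """Registration-form path: Keycloak first (it mints the id), then the
    local Account. If step 2 fails, delete the Keycloak user so neither side
    keeps an orphan; if even the cleanup fails, surface the id so a
    reconciliation job can finish the rollback later."""
    keycloak_id = keycloak.create_user(form["username"], form["email"])
    try:
        accounts.insert(keycloak_id, form["username"], form["email"])
    except Exception as exc:
        try:
            keycloak.delete_user(keycloak_id)  # compensating action
        except Exception as cleanup_exc:
            raise RegistrationError(
                f"orphaned Keycloak user {keycloak_id}; needs reconciliation"
            ) from cleanup_exc
        raise RegistrationError(
            "local account creation failed; Keycloak user removed"
        ) from exc
    return keycloak_id


def account_for_token(claims, accounts):
    """Identity Provider path: the first thing the app sees is a token, not a
    form. Key the local Account on `sub` (Keycloak's user id) and create it on
    first sight; later sign-ins find the existing row, so this is idempotent.
    Claim names assumed here: `sub`, `preferred_username`, `email`."""
    keycloak_id = claims["sub"]
    if keycloak_id not in accounts.accounts:
        accounts.insert(
            keycloak_id, claims["preferred_username"], claims.get("email")
        )
    return accounts.accounts[keycloak_id]


if __name__ == "__main__":
    kc, repo = FakeKeycloakAdmin(), FakeAccountRepo()
    print(register({"username": "alice", "email": "alice@example.test"}, kc, repo))
```

Two points worth keeping in mind with this shape: the rollback is itself a network call that can fail, so the code reports the orphaned id rather than silently swallowing it, and the same ordering (identity store first, local row second, compensate on failure) applies to the user-editing case in the post, with the compensating action being a write of the previous values instead of a delete.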