- For User End Clients (Like web browser), We have registered a public client (3cn-react-client) in KC auth server. When a user login into the web browser, then first it redirects to KC server login page for authentication. When a user provider correct auth credentials (username and password) then KC auth server returns an
access-tokento the end client.
2.This end client will create request to the resource servers by appending this access-token in Authorization header.
3.The resource servers validate this access token by the help of same Authorization Server and then server the request.
-
We are validating User Roles in
clientlevel. -
We are validating Scopes in
resource-serverlevel. -
We are validating Audience in
resource-serverlevel.