Securely invoking the backend REST API
http://localhost:3000/ and click on the Public endpoint link. You will see a message saying Public message!. The public endpoint is not secured by Keycloak, and can be invoked without an access token.
Next, let's try the secured endpoint that is protected by Keycloak. Open
http://localhost:3000/ again. This time, click on the Secured endpoint link. Now you will see a message saying Access denied. The Keycloak Node.js adapter is denying requests to this endpoint as it requires a valid access token to invoke the endpoint.
Let's now try to invoke the secured endpoint from the frontend. Open
http://localhost:8000/ and click on Invoke Service. You will now see a message displayed saying Secret message!. If instead you get the message Access Denied, this is most likely caused by the user not having the
When you click Invoke Service, the frontend sends an AJAX request to the backend service, including the access...