Angular 12与Keycloak集成,构建问题
我正在尝试执行以下教程来将Angular 12应用程序与Keycloak:Keycloak Integration with Angular Frontend集成在一起(我查看了其他类似的教程,说明都是一样的)。
如本文所述,我在src\environments\environment.ts中插入了以下行
import { KeycloakConfig } from 'keycloak-angular';
// Add here your keycloak setup infos
let keycloakConfig: KeycloakConfig = {
url: 'http://<my-keycloak-ip:8088>/auth',
realm: '<my-realm-name>',
clientId: '<my-client-id>',
"credentials": {
"secret": "<my-client-secret>"
}
};
export const environment = {
...
keycloak: keycloakConfig,
...
};当我使用ng serve启动应用程序时,我得到了以下构建错误:
Error: src/environments/environment.ts:14:7 - error TS2322: Type '{ url: string; realm: string; clientId: string; credentials: { secret: string; }; }' is not
assignable to type 'KeycloakConfig'.
Object literal may only specify known properties, and '"credentials"' does not exist in type 'KeycloakConfig'.
14 "credentials": {
~~~~~~~~~~~~~~~~
15 "secret": "<my-client-secret>"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17 }
~~~~~~~我使用的是Angular v12和keylcoak-angular 8.2.0 + keycloak-js 13.0.1,在任何情况下,下面都是完整的ng version输出和package.json内容。
ng version
ng version
_ _ ____ _ ___
/ \ _ __ __ _ _ _| | __ _ _ __ / ___| | |_ _|
/ ? \ | '_ \ / _` | | | | |/ _` | '__| | | | | | |
/ ___ \| | | | (_| | |_| | | (_| | | | |___| |___ | |
/_/ \_\_| |_|\__, |\__,_|_|\__,_|_| \____|_____|___|
|___/
Angular CLI: 12.0.4
Node: 12.18.0
Package Manager: npm 6.14.4
OS: win32 x64
Angular: 12.0.4
... animations, cdk, cli, common, compiler, compiler-cli, core
... forms, material, platform-browser, platform-browser-dynamic
... router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1200.4
@angular-devkit/build-angular 12.0.4
@angular-devkit/core 12.0.4
@angular-devkit/schematics 12.0.4
@schematics/angular 12.0.4
rxjs 6.5.5
typescript 4.2.4package.json
{
"name": "<my-angular-app>",
"version": "0.0.0",
"scripts": {
"ng": "ng",
"start": "ng serve",
"build": "ng build",
"test": "ng test",
"lint": "ng lint",
"e2e": "ng e2e"
},
"private": true,
"dependencies": {
"@angular/animations": "~12.0.4",
"@angular/cdk": "^12.0.4",
"@angular/common": "~12.0.4",
"@angular/compiler": "~12.0.4",
"@angular/core": "~12.0.4",
"@angular/forms": "~12.0.4",
"@angular/material": "^12.0.4",
"@angular/platform-browser": "~12.0.4",
"@angular/platform-browser-dynamic": "~12.0.4",
"@angular/router": "~12.0.4",
"admin-lte": "^3.0.5",
"keycloak-angular": "^8.2.0",
"keycloak-js": "^13.0.1",
"rxjs": "~6.5.4",
"tslib": "^2.0.0",
"zone.js": "~0.11.4"
},
"devDependencies": {
"@angular-devkit/build-angular": "~12.0.4",
"@angular/cli": "~12.0.4",
"@angular/compiler-cli": "~12.0.4",
"@types/node": "^12.11.1",
"@types/jasmine": "~3.6.0",
"@types/jasminewd2": "~2.0.3",
"codelyzer": "^6.0.0",
"jasmine-core": "~3.6.0",
"jasmine-spec-reporter": "~5.0.0",
"karma": "~5.0.0",
"karma-chrome-launcher": "~3.1.0",
"karma-coverage-istanbul-reporter": "~3.0.2",
"karma-jasmine": "~4.0.0",
"karma-jasmine-html-reporter": "^1.5.0",
"protractor": "~7.0.0",
"ts-node": "~8.3.0",
"tslint": "~6.1.0",
"typescript": "~4.2.4"
}
}回答 2
Stack Overflow用户
发布于 2021-06-13 14:24:28
我不会遵循随意的“教程”。特别是如果他们在Angular应用程序中暴露了客户端秘密,那么任何人都可以在浏览器中读取该秘密。所以秘密就不再是秘密了。
当最终用户可能查看和修改代码时,客户端应用程序被认为是公共的。这包括单页应用程序(SPA)或任何移动或本机应用程序。在这两种情况下,应用程序都无法对恶意用户保密。
必须在SPA应用程序和未使用secret - Authorization Code Flow with PKCE的OIDC flow中使用Public client (无密钥客户端)。使用成熟的OIDC认证的库,如https://github.com/damienbod/angular-auth-oidc-client或正确配置keycloak-js库(如checkLoginIframe: false, pkceMethod: 'S256' - check文档)。
Stack Overflow用户
发布于 2021-06-12 16:00:10
最新的library guide在配置中不包含任何“凭证”。试着去掉这一块,它不应该在那里
https://stackoverflow.com/questions/67946768
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号