solution_for_authentication_authorization

Differences

This shows you the differences between two versions of the page.

solution_for_authentication_authorization [2026/01/23 10:19] – Imported from DOCX sonalisolution_for_authentication_authorization [2026/01/23 12:25] (current) – Imported from DOCX sonali
Line 191: Line 191:
 Permissions (what a user can do) will be managed separately using **Client Roles**. Permissions (what a user can do) will be managed separately using **Client Roles**.
  
-\\ +Create booking
  
-\\ +View booking
  
-\\ +Approve booking
  
-\\ +View invoices
  
-\\ +Access admin panel
  
-\\ +View reports
  
 This allows flexibility without changing application code. This allows flexibility without changing application code.
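Review bot: the six added permission lines (Create booking through View reports) are bare paragraphs with no list markup and no role identifiers, so a reader cannot tell which Keycloak client role name each one maps to. Suggest formatting them as a bulleted list and giving, next to each label, the exact client role name that appears in the token, since the backend services authorize by checking those values. It would also help to mark which entries (for example Approve booking and Access admin panel) are privileged and who may be assigned them.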
Line 259: Line 259:
 User logs in User logs in
  
-\\ +The system asks: “Login as which role?”
  
 Approver Approver
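Review bot: the added line "The system asks: 'Login as which role?'" does not say where the chosen role is enforced. If the choice is only a UI selection, the access token still carries every role the user holds and a backend service cannot tell which role the user picked. Document whether the selection narrows the roles in the token or is re-checked server-side, and what happens when a user asks for a role they are not assigned.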
Line 327: Line 327:
 User authentication and token generation are handled by Keycloak, token validation is done at the gateway, and each backend service authorizes requests by checking permissions from the JWT token User authentication and token generation are handled by Keycloak, token validation is done at the gateway, and each backend service authorizes requests by checking permissions from the JWT token
  
-Flow+**Flow**
  
 User opens the application and initiates login.\\ React application redirects the user to Keycloak for authentication. User opens the application and initiates login.\\ React application redirects the user to Keycloak for authentication.
  
-\\ +**Keycloak (Login + Token)**
  
-\\ +User enters credentials.
  
-\\ +Keycloak verifies the user (via DB / LDAP).
  
 On success, Keycloak generates a JWT access token.\\  On success, Keycloak generates a JWT access token.\\ 
  
-\\ +**React UI (Receives JWT)**
  
-\\ +React receives the JWT token.
  
 \\  \\ 
  
-\\ +**React UI → API Call**
  
 For every API request, React sends the JWT token in the request header: For every API request, React sends the JWT token in the request header:
  
-\\ +**API Gateway (Token Validation)**
  
-\\ +Gateway intercepts the request.
  
-\\ +Validates the JWT token:
  
-\\ +If the token is invalid → request is rejected.
  
 \\  \\ 
  
-\\ +**Node Microservice (Permission Check)**
  
 Backend service reads roles/permissions from the JWT payload. Backend service reads roles/permissions from the JWT payload.
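Review bot: under API Gateway (Token Validation), the added line "Validates the JWT token:" ends in a colon but no checks follow before "If the token is invalid → request is rejected." List the checks the gateway performs (signature against Keycloak's signing keys, expiry, issuer, audience) so that "invalid" is defined. The same applies to the context line "React sends the JWT token in the request header:", which names no header. Under Node Microservice (Permission Check), state whether each service verifies the token itself or trusts the gateway; if it trusts the gateway, the services must not be reachable by any path that bypasses it.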
solution_for_authentication_authorization.1769163578.txt.gz · Last modified: by sonali