This PR includes significant changes to the Keycloak authentication system. The old system was first implemented nearly 3 years ago, and there have been significant improvements to the available Keycloak libraries and the BC Government Keycloak implementation since then.
The changes entirely remove the old redux-oidc-based system, including the Redux dependency, and instead switch to a new system based on keycloak-js.
Some of the code, especially the KeycloakService, has substantially been adapted from two sample repositories:
The functionality of the code is not enormously impacted; most existing approaches have been refactored to use the new libraries. Probably the biggest change to the app behaviour is that the redirect URI has changed to the app root (e.g. http://localhost:3000), instead of a separate callback component (e.g. http://localhost:3000/#/callback). Previously, when a user was not authenticated, their current URL was stored in the Redux store before redirecting them to Keycloak. This would allow the user to be redirected to the page they were originally requesting after authentication. With the removal of the Redux store, the same effect is produced by using the browser's localStorage.
I also added an indication of the currently-logged-in user's name, as well as a Logout button:
The system seems fairly robust in local testing, but one thing we can keep our eye on in dev (in addition to the cookie issue) is the silent renewal: it seems to work locally, but it would be good to confirm with multiple users.
Fixes
Fixes #216 (🤞)
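The description above says the pre-login URL is now kept in the browser's localStorage and restored after Keycloak redirects back to the app root. The following is an added example of that pattern, not code from this PR. The storage key, the function names and the restriction to in-app hash routes are assumptions, and `memoryStorage` is a constructed stand-in for `window.localStorage` so the block runs under Node.

```javascript
// Added example, not the PR's code. RETURN_KEY and all function names are hypothetical.
const RETURN_KEY = 'postLoginReturnTo';

// Accept only an in-app hash route such as "#/projects/42".
// Absolute URLs, "#//host" (protocol-relative once the "#" is stripped by a
// router), whitespace and backslashes are rejected.
function isSafeReturnRoute(value) {
  return typeof value === 'string'
    && value.length <= 2048
    && /^#\/[^\s\\]*$/.test(value)
    && !value.startsWith('#//');
}

// Call before redirecting an unauthenticated user to Keycloak.
function rememberRoute(storage, location) {
  const route = location.hash || '#/';
  if (isSafeReturnRoute(route)) storage.setItem(RETURN_KEY, route);
}

// Call once after the app has loaded at its root and the user is authenticated.
// The stored value is single-use and is re-validated on read, because any
// script running on the origin can write to localStorage.
function consumeRoute(storage, fallback = '#/') {
  const stored = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  return isSafeReturnRoute(stored) ? stored : fallback;
}

// Constructed stand-in for window.localStorage (same three methods).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a browser, pass `window.localStorage` and `window.location`, then assign the returned route to `window.location.hash`.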