eclipse-tractusx / demand-capacity-mgmt

Apache License 2.0

Remove use of OAuth password grant type #77

Open nitin-vavdiya opened 5 months ago

nitin-vavdiya commented 5 months ago

This is an enhancement ticket

Issue:

As per the current login flow, the frontend sends a username and password to the backend application and the backend authenticates the user using an OAuth grant-type password. This is not a recommended approach for many reasons.

Fix:

  1. Use keycloak.js in the frontend application to support login with code flow. It also solves the token refresh problem.
  2. Remove the login API from the backend application.
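
The code flow proposed in the issue above, sketched as an added Node.js example; it is not part of the original issue or the project's code, and keycloak.js performs these steps inside the library. The issuer URL, client ID and redirect URI are assumed placeholders, and PKCE (RFC 7636) is included as the usual companion for a browser client.

```javascript
// Added illustration, not project code: authorization code flow with PKCE.
const nodeCrypto = require('node:crypto');

// Assumed placeholder values; the issue does not state the real ones.
const cfg = {
  issuer: 'https://keycloak.example.invalid/realms/example-realm',
  clientId: 'example-frontend',
  redirectUri: 'https://app.example.invalid/callback',
};

// RFC 7636: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function pkceChallenge(verifier) {
  return nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest().toString('base64url');
}

// Step 1: send the browser to Keycloak's login page. The application keeps
// only the random verifier and state; it never sees the user's password.
function buildAuthRequest(c) {
  const verifier = nodeCrypto.randomBytes(32).toString('base64url');
  const state = nodeCrypto.randomBytes(16).toString('base64url');
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: c.clientId,
    redirect_uri: c.redirectUri,
    scope: 'openid',
    state,
    code_challenge: pkceChallenge(verifier),
    code_challenge_method: 'S256',
  });
  return { url: `${c.issuer}/protocol/openid-connect/auth?${query}`, verifier, state };
}

// Step 2: check the redirect back, then build the token request body.
// Unlike grant_type=password, it carries no username or password field.
function buildTokenRequest(c, callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (params.get('state') !== pending.state) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: c.redirectUri,
    client_id: c.clientId,
    code_verifier: pending.verifier,
  });
}
```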