Login Keycloak - jastit00/IT-Sec-Projekt GitHub Wiki

Module: AuthGuard with Keycloak

Author: Marcel Nicklaß

Introduction

Motivation

The module enables routes to be secured via an AuthGuard, which ensures user login via Keycloak. Only authenticated users are allowed to access protected areas of the web dashboard. Keycloak handles authentication, while AuthGuard controls access based on login status. Frontend User Story #3 has been implemented.

Terminology

AuthGuard: An Angular route guard (a CanActivate implementation) that runs before navigation to a route and decides whether the navigation may proceed; here it blocks users who have no Keycloak login.

Keycloak: The identity provider that performs the actual login (OpenID Connect) and issues the tokens whose presence and validity the guard checks.

Technical description

  1. When accessing a protected route, AuthGuard is activated.

  2. AuthGuard uses the Keycloak service to check whether the user is logged in.

  3. If so, access is granted.

  4. If not, the user is redirected to the login page or an error message is displayed.
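The four steps above, written out as an added example rather than the project's own guard code, in framework-independent TypeScript so it runs outside Angular. The `KeycloakLike` interface, `MIN_TOKEN_VALIDITY_S` and `fakeKeycloak` are assumptions; the method names are modelled on keycloak-angular's KeycloakService and keycloak-js (`isLoggedIn`, `isTokenExpired`, `updateToken`, `login`, `getUserRoles`). It also covers the two cases a guard must not get wrong: a session whose access token has expired and cannot be renewed (treated as logged out), and a logged-in user who lacks a role the route requires (denied, not redirected into a login loop).

```typescript
// Added example (not the project's own code): the four-step AuthGuard check
// written without Angular imports so it runs and can be tested stand-alone.
// KeycloakLike, MIN_TOKEN_VALIDITY_S and fakeKeycloak are assumptions; the
// method names mirror keycloak-angular's KeycloakService / keycloak-js.

interface KeycloakLike {
  isLoggedIn(): boolean;
  isTokenExpired(minValiditySeconds: number): boolean;
  updateToken(minValiditySeconds: number): Promise<boolean>; // rejects if the refresh token is gone
  login(options: { redirectUri: string }): Promise<void>;
  getUserRoles(): string[];
}

// What the guard knows about the session at the moment of navigation.
interface SessionSnapshot {
  loggedIn: boolean;
  tokenValid: boolean; // false when the access token expired and could not be renewed
  roles: string[];
}

type GuardDecision =
  | { kind: 'allow' }
  | { kind: 'login'; redirectUri: string }          // step 4: send to Keycloak, return to target afterwards
  | { kind: 'forbidden'; missingRoles: string[] };  // logged in, but lacks a role the route requires

// Renew tokens that expire within this many seconds (assumed value).
const MIN_TOKEN_VALIDITY_S = 30;

// Steps 2-4 as a pure function: deny by default, allow only a live session
// that also holds every role the route declares.
function decideAccess(session: SessionSnapshot, targetUrl: string, requiredRoles: string[] = []): GuardDecision {
  if (!session.loggedIn || !session.tokenValid) {
    return { kind: 'login', redirectUri: targetUrl };
  }
  const held = new Set(session.roles);
  const missingRoles = requiredRoles.filter((role) => !held.has(role));
  if (missingRoles.length > 0) {
    return { kind: 'forbidden', missingRoles };
  }
  return { kind: 'allow' };
}

// Step 2: ask Keycloak about the session, renewing a nearly expired access
// token first. A failed renewal means the SSO session is gone, so the
// snapshot reports the token as invalid instead of letting a stale one through.
async function snapshotSession(keycloak: KeycloakLike): Promise<SessionSnapshot> {
  if (!keycloak.isLoggedIn()) {
    return { loggedIn: false, tokenValid: false, roles: [] };
  }
  let tokenValid = !keycloak.isTokenExpired(MIN_TOKEN_VALIDITY_S);
  if (!tokenValid) {
    try {
      await keycloak.updateToken(MIN_TOKEN_VALIDITY_S);
      tokenValid = true;
    } catch {
      tokenValid = false;
    }
  }
  return { loggedIn: true, tokenValid, roles: keycloak.getUserRoles() };
}

// Step 1 entry point: what an Angular CanActivateFn would call with state.url
// and the route's declared roles. Returns true to let navigation proceed.
async function canActivateRoute(keycloak: KeycloakLike, targetUrl: string, requiredRoles: string[] = []): Promise<boolean> {
  const decision = decideAccess(await snapshotSession(keycloak), targetUrl, requiredRoles);
  if (decision.kind === 'login') {
    await keycloak.login({ redirectUri: decision.redirectUri });
    return false;
  }
  return decision.kind === 'allow';
}

// Constructed fake of the Keycloak service so the guard can run offline.
function fakeKeycloak(state: { loggedIn: boolean; expired?: boolean; refreshOk?: boolean; roles?: string[] }): KeycloakLike & { loginCalls: string[] } {
  const loginCalls: string[] = [];
  return {
    loginCalls,
    isLoggedIn: () => state.loggedIn,
    isTokenExpired: () => state.expired ?? false,
    updateToken: async () => {
      if (state.refreshOk === false) throw new Error('refresh token expired');
      state.expired = false;
      return true;
    },
    login: async ({ redirectUri }) => { loginCalls.push(redirectUri); },
    getUserRoles: () => state.roles ?? [],
  };
}

// Stand-alone run: a logged-out visitor hitting /dashboard is sent to login.
canActivateRoute(fakeKeycloak({ loggedIn: false }), '/dashboard')
  .then((allowed) => console.log('allowed:', allowed, '(login redirect requested)'));
```

In the Angular app the `canActivateRoute` call would sit inside a `CanActivateFn` that injects the real Keycloak service, passes `state.url` as the target and reads the required roles from the route's `data`. Keeping the decision in the pure `decideAccess` function is what makes the deny-by-default behaviour easy to unit-test when new roles or conditions are added later.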

Impact on the overall system:

  • Centralized control: All secured routes use the same authentication logic.

  • Security: Only users with a valid Keycloak session are granted access.

  • Scalability: Additional routes can be easily secured using the same Guard.

Risks

  • Incorrect AuthGuard implementation: Improper checks (for example, a guard that allows on error, or a protected route that was never assigned the guard) could let unauthenticated users reach a protected view. The guard also runs entirely in the browser, so it only controls what the UI shows; backend endpoints must still validate the Keycloak bearer token on every request.

  • Session timeouts: Keycloak access tokens are short-lived. If automatic token renewal against the SSO session is not configured correctly, an expired token leads to sudden logouts or failed requests while the user is still working.

  • Maintenance effort: Changes to the authentication logic (e.g., new roles, new conditions) must be carefully updated in AuthGuard.