Task 1: NoteGroup Website – Full Stack Setup

Tech Stack

  • Frontend: Next.js

  • Backend: NestJS

  • Auth: Keycloak

  • Database: PostgreSQL

Authentication Flow

  1. On website entry, check if a valid Keycloak token exists.

  2. If token is missing or invalid, redirect to Keycloak login page.

  3. Upon successful login, redirect user back to the home page with session initialized.

  4. All user operations (create, update, delete, view) will be authenticated and scoped to that specific user.

Functional Requirements

1. Notes CRUD Features


Feature     | Description
Create Note | Authenticated user can create personal notes.
View Notes  | View all notes created by the logged-in user.
Edit Note   | Edit an existing note (only user’s own notes).
Delete Note | Delete any user-owned note.


Routing & Workflow (Frontend)

  • / → Home page with list of user’s notes

  • /login → Redirects to Keycloak login (if unauthenticated)

  • /note/[id] → View/Edit specific note

  • /create → Create new note

Auth Middleware (Next.js)

  • Check for token on every protected route.

  • Decode token to get user info (e.g., sub/user_id).

  • If no token → redirect to /login (Keycloak).

  • Else → fetch or operate on user-specific notes.


Task 2: JavaScript-Based Authorization Policies

Definitions

Realms & Clients:

  • Realm: test

  • Client: test

  • Auth Provider: Keycloak

  • User: Belongs to test realm and holds role mappings per country

Create and check roles

CA
- PROGRAM_ORGANIZER
- TEACHER

IE
- FINANCE_ADMIN
- TEACHER
- NATIONAL_ADMIN

CA:PROGRAM_ORGANIZER
CA:TEACHER
IE:FINANCE_ADMIN
IE:TEACHER
IE:NATIONAL_ADMIN


{
    ca : [PROGRAM_ORGANIZER, TEACHER],
    ie : [FINANCE_ADMIN, TEACHER, NATIONAL_ADMIN]
}

1. There is a realm [test]
2. There is a client [test]
3. There is a user in the [test] realm.
- the user has a property roles
- roles : {
    country1 : [role1, role2],
    country2 : [role2, role3, role4],
    country3 : [role5]
}
4. There are rules for the [test] client which say the following:
role1 can access scope1 and scope2.
role2 can access scope2 and scope3.
role3 can access scope4.
role4 can access scope5.
role5 can access scope1 and scope5.

5. user for country1 can access what?
scope1, scope2 and scope3.

6. user for country2 can access what?
scope2, scope3, scope4 and scope5.

7. user for country3 can access what?
scope1 and scope5.

JS Based Policies.