Frontend: Next.js
Backend: NestJS
Auth: Keycloak
Database: PostgreSQL
On website entry, check if a valid Keycloak token exists.
If token is missing or invalid, redirect to Keycloak login page.
Upon successful login, redirect user back to the home page with session initialized.
All user operations (create, update, delete, view) will be authenticated and scoped to that specific user.
| Feature | Description |
|---|---|
| Create Note | Authenticated user can create personal notes. |
| View Notes | View all notes created by the logged-in user. |
| Edit Note | Edit an existing note (only user’s own notes). |
| Delete Note | Delete any user-owned note. |
/ → Home page with list of user’s notes
/login → Redirects to Keycloak login (if unauthenticated)
/note/[id] → View/Edit specific note
/create → Create new note
Check for token on every protected route.
Decode token to get user info (e.g., sub/user_id).
If no token → redirect to /login (Keycloak).
Else → fetch or operate on user-specific notes.
Realms & Clients:
Realm: test
Client: test
Auth Provider: Keycloak
User: Belongs to test realm and holds role mappings per country
Create and Check roles
CA
- PROGRAM_ORGANIZER
- TEACHER
IE
- FINANCE_ADMIN
- TEACHER
- NATIONAL_ADMIN
CA:PROGRAM_ORGANIZER
CA:TEACHER
IE:FINANCE_ADMIN
IE:TEACHER
IE:NATIONAL_ADMIN
{
ca : [PROGRAM_ORGANIZER, TEACHER],
ie : [FA, T, NA]
}
1. There is a realm [test]
2. There is a client [test]
3. There is a user in [test] realm.
- user has a property roles
- roles : {
country1 : [role1, role2],
country2 : [role2, role3, role4],
country3 : [role5]
}
4. There are rules for [test] cient which say following:
role1 can access scope1 and scope2.
role2 can access scope2 and scope3.
role3 can access scope4.
role4 can access scope5.
role5 can access scope1 and scope5.
4. user for country1 can access what?
scope1, scope2 and scope3.
5. user for country2 can access what?
scope2, scope3, scope4 and scope5.
6. user for country3 can access what ?
scope1 and scope5.
JS Based Policies.