2025-01-10 13:04:42 +01:00
# TFP Frontend PoC
2025-01-10 12:40:50 +01:00
## Installation
2025-01-10 13:04:42 +01:00
**Requirements**:
* [Node.js ](https://nodejs.org/en ) v20+
* [pnpm ](https://pnpm.io/ ) v9+
2025-01-10 12:40:50 +01:00
Install the application dependencies by running:
```sh
2025-01-10 13:04:42 +01:00
pnpm i
2025-01-10 12:40:50 +01:00
```
## Development
Start the application in development mode by running:
```sh
2025-01-10 13:04:42 +01:00
pnpm dev
2025-01-10 12:40:50 +01:00
```
2025-01-10 13:04:42 +01:00
## Authentication
2025-01-10 12:40:50 +01:00
2025-01-10 13:04:42 +01:00
`src/authProvider.ts` -> get the token in authProvider.login method
2025-01-10 12:40:50 +01:00
2025-01-10 13:04:42 +01:00
The user/pass can be anything. The token will come from `http://localhost:8080/atsp-idp/token` and it will forwarded
to the UI that can handle from this point.
2025-01-10 12:40:50 +01:00
## DataProvider
2025-01-10 13:04:42 +01:00
`src/admin-core/data-provider-extension.ts` -> Here is the user's list entry point but it can be rewrote to anything.
This is not working from this because authentication and CORS error.
2025-01-10 12:40:50 +01:00
2025-01-10 13:04:42 +01:00
I think, the authentication access_token is not enought.* I do not know what is the purpose of the three token
* `id_token`
* `access_token`
* & the `refresh_token`
2025-01-10 12:40:50 +01:00
2025-01-10 13:04:42 +01:00
It seems, the backend always wanted to redirect to somewhere when authentication or authorization happens. This purpose is not normal for a REST API.
A **REST API** back-end have to communicate through JSON only. Any redirection have to be handled by the front-end. In my opinion the Keycloak/oauth communication
should be "masked" by the backend.
2025-01-10 12:40:50 +01:00
2025-01-10 13:04:42 +01:00
The cleanest solution is that; on the REST api should have an entry point for authentication that can be used by front-end. After that, the authorization happens w/ the token only.
