Hello All,
Before asking this, i saw several responses (like using a filter etc..), but so far i have tried several things, nothing seems to work.
I have an OIDC provider (in my case keycloak, but i guess could be okta or auth0 or whatever).
So I was able to secure the form builder with "keycloak", so when I enter the keycloak ask for login, and it works fine.
(both in header/ container authentication method).
But all my APIS require to have the Authorization Header: Bearer **and the token**
I tried using filters , sticky headers, forward-headers, etc..etc..
Nothing seems to work.
Its not this case quite common nowadays? To have your API protected with a simple jwt token?
I wonder if its possible without using liferay, proxy servlets, custom authorizators etc..
Just consider the case of someone using the forms with the docker-composer example.
Thanks a lot for the effort!