From 13e25ccee31457303341986c5458998abf1d8982 Mon Sep 17 00:00:00 2001
From: Jakub Jedlicka <jjedlick@redhat.com>
Date: Mon, 20 Jan 2025 18:40:08 +0100
Subject: [PATCH] Update Keycloak SPA example as the current one wasn't working

---
 ...rity-oidc-bearer-token-authentication.adoc | 31 ++++++++++++++-----
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/docs/src/main/asciidoc/security-oidc-bearer-token-authentication.adoc b/docs/src/main/asciidoc/security-oidc-bearer-token-authentication.adoc
index 0e3c6a1bfe588..beb1e1974b65f 100644
--- a/docs/src/main/asciidoc/security-oidc-bearer-token-authentication.adoc
+++ b/docs/src/main/asciidoc/security-oidc-bearer-token-authentication.adoc
@@ -411,14 +411,21 @@ For example, if you work with Keycloak, you can use `keycloak.js` to authenticat
 <head>
     <title>keycloak-spa</title>
     <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
-    <script src="http://localhost:8180/js/keycloak.js"></script>
-    <script>
-        var keycloak = new Keycloak();
-        keycloak.init({onLoad: 'login-required'}).success(function () {
+    <script type="module">
+        import Keycloak from "https://cdn.jsdelivr.net/npm/keycloak-js@26.0.7/lib/keycloak.js";
+
+        const keycloak = new Keycloak({
+            url: 'http://localhost:8180',
+            realm: 'quarkus',
+            clientId: 'quarkus-app'
+        });
+
+        await keycloak.init({onLoad: 'login-required'}).then(function () {
             console.log('User is now authenticated.');
-        }).error(function () {
-            window.location.reload();
+        }).catch(function () {
+            console.log('User is NOT authenticated.');
         });
+
         function makeAjaxRequest() {
             axios.get("/api/hello", {
                 headers: {
@@ -436,15 +443,23 @@ For example, if you work with Keycloak, you can use `keycloak.js` to authenticat
                     window.location.reload();
                 });
             });
-    }
+        }
+
+        let button = document.getElementById('ajax-request');
+        button.addEventListener('click', makeAjaxRequest);
     </script>
 </head>
 <body>
-    <button onclick="makeAjaxRequest()">Request</button>
+    <button id="ajax-request">Request</button>
 </body>
 </html>
 ----
 
+[NOTE]
+====
+To make this SPA Keycloak example authenticated you need to disable `Client authentication` and set `Web origins` to `http://localhost:8080`. By setting `Web origins` you allow Keycloak CORS policy to comunicate with your Quarkus app. For more detail about these setting see link:https://www.keycloak.org/documentation[Keycloak documentation].
+====
+
 === Cross-origin resource sharing
 
 If you plan to use your OIDC `service` application from a single-page application running on a different domain, you must configure cross-origin resource sharing (CORS).