Authentication
The Util4Dev Wiki API supports two authentication providers, configurable via the auth.provider setting.
Authentication Providers
Firebase Authentication
When auth.provider=firebase:
- Uses Firebase Admin SDK for JWT validation
- Token is extracted from the Authorization: Bearer <token> header
- User is auto-synced from Firebase to the local database on first request
Keycloak Authentication
When auth.provider=keycloak:
- Uses Spring Security OAuth2 Resource Server
- Validates JWT tokens against the Keycloak JWKS endpoint
- Supports Keycloak realm roles and client roles
Request Headers
All authenticated endpoints require the following header:
Authorization: Bearer <jwt_token>
Public Endpoints (No Auth Required)
The following endpoints do not require authentication:
| Endpoint | Description |
|---|---|
| GET /api/v1/public/documents/{id} | View published document |
| GET /api/v1/public/documents/{id}/children | View children of published document |
| GET /api/v1/public/documents/{id}/ancestors | View breadcrumb of published document |
| GET /api/v1/invitations/{token}/info | View invitation details by token |
| GET /api/v1/swagger-ui/** | Swagger UI |
| GET /api/v1/actuator/health | Health check |
Internal API Authentication
Internal endpoints (/api/v1/internal/**) use a shared API key instead of JWT:
X-Internal-Api-Key: <shared_secret>
This is used for server-to-server communication between the Wiki Service and the Hocuspocus collaboration server.
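As an added illustration (not the Util4Dev project's own code), a Spring Security 6 configuration that wires together the three rules on this page: the public paths are allow-listed, /api/v1/internal/** is gated by a constant-time check of X-Internal-Api-Key, and everything else needs a valid JWT. The WIKI_INTERNAL_API_KEY environment variable and the ApiSecurityConfig class name are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

/** Illustrative config, not the project's own; WIKI_INTERNAL_API_KEY is an assumed env var. */
@Configuration
public class ApiSecurityConfig {
    /** Guards /api/v1/internal/** with the shared key; all other paths pass through untouched. */
    static class InternalApiKeyFilter extends OncePerRequestFilter {
        private final byte[] expected;
        InternalApiKeyFilter(String sharedSecret) { expected = sharedSecret.getBytes(StandardCharsets.UTF_8); }
        @Override
        protected boolean shouldNotFilter(HttpServletRequest req) {
            return !req.getRequestURI().startsWith("/api/v1/internal/");
        }
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
                throws ServletException, IOException {
            String presented = req.getHeader("X-Internal-Api-Key");
            byte[] given = presented == null ? new byte[0] : presented.getBytes(StandardCharsets.UTF_8);
            if (!MessageDigest.isEqual(expected, given)) {   // constant-time compare, no early exit on mismatch
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            chain.doFilter(req, res);
        }
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        String sharedSecret = System.getenv("WIKI_INTERNAL_API_KEY");   // assumed; a missing value fails startup
        http.csrf(c -> c.disable())   // stateless bearer-token API, no session cookie to protect
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/v1/public/**", "/api/v1/invitations/*/info", "/api/v1/swagger-ui/**", "/api/v1/actuator/health").permitAll()
                .requestMatchers("/api/v1/internal/**").permitAll()   // already vetted by InternalApiKeyFilter
                .anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(jwt -> {}))   // JWT checked against the configured provider's JWKS
            .addFilterBefore(new InternalApiKeyFilter(sharedSecret), BasicAuthenticationFilter.class);
        return http.build();
    }
}
```

Because the API-key filter runs before the authorization filter, a request under /api/v1/internal/** without the correct header is rejected with 401 before the permitAll rule is ever consulted, and the key is never accepted on any other path.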
User Resolution
The @CurrentUser annotation is used in controllers to inject the authenticated user entity. The system:
- Extracts the JWT token from the Authorization header
- Validates the token with the configured provider
- Looks up or creates the user in the local database
- Injects the User entity into the controller method
Roles & Permissions
After authentication, authorization is handled through workspace roles. See Enums - WorkspaceRole for the full role hierarchy.
| Role | Level | Permissions |
|---|---|---|
| OWNER | 5 | Full control, transfer ownership |
| ADMIN | 4 | Manage members, all editor permissions |
| EDITOR | 3 | Create/edit/delete documents |
| COMMENTER | 2 | View documents, add comments |
| VIEWER | 1 | View documents only |