@carisls/keycloak-client v1.4.2
Instructions
An integration client for Keycloak for Caris applications.
Installation
npm i @carisls/keycloak-client
Middleware
Add the basic middleware that handles user injection and the redirects needed to retrieve the user.
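// Assumes an Express application (app.use is Express-style middleware registration)
const express = require('express');
const keycloakClient = require('@carisls/keycloak-client');

const app = express();

// Register the router; the SSO URL and cookie encryption password come from the environment
app.use(keycloakClient.router({
  clientId: 'my-client',
  ssoUrl: process.env.SSO_URL,
  encPassword: process.env.ENC_PASSWORD
}));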
Option | API Router | Description |
---|---|---|
ssoUrl | ANY | URL to use as the SSO server base URL |
clientId | ANY | Client Id |
clientSecret | ANY | Client Secret (if enabled) |
api | N/A | Set to true for an API router to prevent any redirects |
standard | N/A | Whether to use the implicit flow (default) or the standard flow |
useCachedSession | N/A | Whether to use token caching (in case of large tokens) |
publicKey | ANY | Overrides the default public certificate (provided by the SSO server) |
publicKeyCache | ANY | Time in seconds after which a fetched publicKey expires |
encPassword | ANY | Encryption password for the session cookie |
encPasswordSalt | ANY | Encryption password salt for the session cookie |
encIterationCount | ANY | Number of hash iterations applied to the encryption password for the session cookie |
paths.login | false | Overrides the default /login path used to initiate login |
paths.sso | false | Overrides the default /sso path used to receive the user token |
paths.logout | false | Overrides the default /logout path used to initiate logout |
paths.afterLogin | false | Overrides the default / path where the user is sent after a successful login |
paths.afterLogout | false | Overrides the default / path where the user is sent after a successful logout |
expOffset | false | Offset (in seconds) for when the x-session cookie expires. Negative is earlier, positive is later. Default is 0 |
NOTE: The publicKey option is optional. If it is omitted, the client retrieves the key by following the OpenID standard (.well-known).
NOTE: For an API there is no "sending user to login" step, so pass api: true in the options.
Authorization
Adding middleware to authorize requests.
const authorize = keycloakClient.authorize;
app.use(authorize('my-app-role', [
'/403.html',
'/assets'
]));
Middleware authorize has three parameters:
No | Parameter Name | Required | Default | Description |
---|---|---|---|---|
1 | roles | false | null | Roles required to pass, or null to allow all authenticated users (one role string or an array of strings) |
2 | exceptions | false | [] | Paths to exclude. Matches the exact URL and any URL that starts with the entry (/peter matches /peter, /peterson and /peter/some-file.txt) |
3 | redirectToLogin | false | true | Unless set to false, redirects the user to /login?ReturnUrl={encodedUrl}. If set to false, it throws 401 |
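Because exceptions match from the start of the URL, an entry such as /assets also exempts sibling paths like /assets-internal. The check below is an added example, not code from the package: it models the documented starts-with rule (the library's internal matching is assumed, not inspected) and lists routes that skip authorization only because of that rule. The function names and the route table are constructed for illustration.

```javascript
// Added example; not part of @carisls/keycloak-client.
// Models the documented rule: a path is exempt when it starts with an exception entry.
function isExemptByPrefix(path, exceptions) {
  return exceptions.some((prefix) => path.startsWith(prefix));
}

// Stricter comparison used only for the audit: the entry must match whole path
// segments, so /assets covers /assets and /assets/app.css but not /assets-internal.
function isExemptBySegment(path, exceptions) {
  return exceptions.some((prefix) => {
    const base = prefix.endsWith('/') ? prefix.slice(0, -1) : prefix;
    return path === base || path.startsWith(base + '/');
  });
}

// Routes that bypass authorize() only because of plain prefix matching.
function findUnintendedExemptions(routes, exceptions) {
  return routes.filter(
    (route) =>
      isExemptByPrefix(route, exceptions) && !isExemptBySegment(route, exceptions)
  );
}

// Constructed route table and the exceptions list from the README snippet.
const sampleRoutes = [
  '/403.html',
  '/403.html.bak',
  '/assets/app.css',
  '/assets-internal/report.csv',
  '/admin'
];
const sampleExceptions = ['/403.html', '/assets'];

console.log(findUnintendedExemptions(sampleRoutes, sampleExceptions));
```

Running this against an application's real route list before deploying shows which exception entries need a trailing slash or a more specific path.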
Client Endpoints
Base Url for a realm:
https://{domain}/auth/realms/{realm}
Paths:
- POST /protocol/openid-connect/token (ValidateCredentials)
Base Url for a realm admin:
https://{domain}/auth/admin/realms/{realm}
Paths:
- GET /users?email=something@carisls.com (FindAUserByEmail)
- DELETE /users/{user.id} (DeleteUser)
- POST /users (CreateUser)
- PUT /users/{user.id}/reset-password (UpdateUser)
Base Url for the master realm:
https://{domain}/auth/realms/master
Paths:
- POST /protocol/openid-connect/token (GetAdminToken)