3.0.9 • Published 10 months ago

@dapperduckling/keycloak-connector-group-auth-plugin v3.0.9

License
AGPL-3.0-only
Last release
10 months ago

keycloak-connector-group-auth

Description

A custom plugin enabling permission management via Keycloak groups. Adds functionality to keycloak-connector-server.

Example Usage

// Example usage for ARM.
//
// requireAdmin: the caller must hold at least one of the permissions listed
// for the ids present in the request.
//   org_id in request:
//     - darksaber-admin
//     - organizations/<org_id>/admin
//   app_id in request:
//     - darksaber-admin
//     - applications/<app_id>/app-admin
//   org_id and app_id in request:
//     - darksaber-admin
//     - applications/<app_id>/app-admin
//     - applications/<app_id>/<org_id>/admin   AND organizations/<org_id>/*
// The last entry is a pair: the application-scoped org admin group is listed
// only together with membership under organizations/<org_id>/ (the `*` is
// presumably a wildcard for any group below it; confirm against the plugin).
router.get(
  '/members/:org_id?',
  authenticateAdmin,
  groupAuths({ requireAdmin: true }),
  async (req, res) => {
    // Values available at this point:
    //   body.keycloak.ga.appId    (string or null)    the validated application id
    //   body.keycloak.ga.orgId    (string or null)    the validated organization id
    //   body.keycloak.ga.groups   (string[] or null)  the group (or all groups) that matched this rule
    //   body.keycloak.userInfo    (object from KC)    already provided by the base library
    //
    // Use these validated ids in the handler rather than re-reading the raw
    // route parameters.
    // NOTE(review): `body.keycloak` is written as in the upstream example;
    // confirm which object the middleware attaches it to.
  },
);


// Example usage in a regular app.
//
// Builds the `groupAuths` middleware factory used by the routes below. Every
// option from `orgParam` through `listAllMatchingGroups` is shown with the
// value the upstream example marks as its default.
const groupAuths = groupAuthConfig({
  app: "fdrm",

  // Route parameter names the check reads the organization / application id from.
  orgParam: "org_id",
  appParam: "app_id",

  requireAdmin: false,

  // This group appears in every access list in the route examples, i.e. it
  // passes every check shown; membership should be kept correspondingly small.
  superAdminGroup: "/darksaber-admin",

  permission: "user",
  listAllMatchingGroups: false,

  // Permission inheritance. Judging by the route examples, a route that
  // requires 'supervisor' is also open to the matching `admin` group, so each
  // key here satisfies the permissions listed in its array.
  inheritanceTree: {
    admin: ["supervisor"],
    supervisor: ["user"],
  },
});

// Organization id in the route, application taken from the configuration.
//
// Assuming the request was '/1234-5678-90/all-tools', this route is accessible
// to users holding any of the following groups:
//   - `/darksaber-admin`
//   - `/applications/fdrm/app-admin`
//   - `/applications/fdrm/1234-5678-90/admin` AND `/organizations/1234-5678-90/*`
//   - `/applications/fdrm/1234-5678-90/supervisor` AND `/organizations/1234-5678-90/*`
// In the last two entries both halves are required: the application-scoped
// group and membership under the organization itself.
router.get(
  "/:org_id/all-tools",
  groupAuths("supervisor"),
  async (req, res) => {
    // handler logic goes here
  },
);

// Application id in the route, no organization id.
//
// Assuming the request was '/ABCD-EFGH-IJ/status', this route is accessible to
// users holding any of the following groups:
//   - `/darksaber-admin`
//   - `/applications/ABCD-EFGH-IJ/app-admin`
//   - `/applications/ABCD-EFGH-IJ/<any org-id>/admin` AND `/organizations/<matching-org-id>/*`
//   - `/applications/ABCD-EFGH-IJ/<any org-id>/supervisor` AND `/organizations/<matching-org-id>/*`
// With no org_id in the request, a grant under any organization of this
// application is accepted, but only paired with membership under that same
// organization.
router.get(
  "/:app_id/status",
  groupAuths("supervisor"),
  async (req, res) => {
    // handler logic goes here
  },
);

// Both application id and organization id in the route.
//
// Assuming the request was '/ABCD-EFGH-IJ/1234-5678-90/status', this route is
// accessible to users holding any of the following groups:
//   - `/darksaber-admin`
//   - `/applications/ABCD-EFGH-IJ/app-admin`
//   - `/applications/ABCD-EFGH-IJ/1234-5678-90/admin` AND `/organizations/1234-5678-90/*`
//   - `/applications/ABCD-EFGH-IJ/1234-5678-90/supervisor` AND `/organizations/1234-5678-90/*`
// The organization-scoped entries are pinned to the org_id from the request;
// a grant under a different organization is not in the list.
router.get(
  "/:app_id/:org_id/status",
  groupAuths("supervisor"),
  async (req, res) => {
    // handler logic goes here
  },
);


// Neither application id nor organization id in the route.
//
// Assuming the request was '/status', this route is accessible to users
// holding any of the following groups:
//   - `/darksaber-admin`
//   - `/applications/ABCD-EFGH-IJ/app-admin`
//   - `/applications/ABCD-EFGH-IJ/supervisor`
//   - `/applications/ABCD-EFGH-IJ/<any org-id>/admin` AND `/organizations/<matching-org-id>/*`
//   - `/applications/ABCD-EFGH-IJ/<any org-id>/supervisor` AND `/organizations/<matching-org-id>/*`
// NOTE(review): with no app_id in the route, the application presumably comes
// from the `app` option passed to groupAuthConfig. The list uses
// ABCD-EFGH-IJ as that id while the sample configuration sets 'fdrm';
// confirm which value applies.
router.get(
  "/status",
  groupAuths("supervisor"),
  async (req, res) => {
    // handler logic goes here
  },
);


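// Organization id in the route, with the implicit application turned off.
//
// Assuming the request was '/status/ABCD-EFGH-IJ' (the route requires an
// org_id segment, so a bare '/status' would not reach this handler), this
// route is accessible to users holding any of the following groups:
//   - `/darksaber-admin`
//   - `/organizations/ABCD-EFGH-IJ/app-admin`
//   - `/organizations/ABCD-EFGH-IJ/supervisor`
// `noImplicitApp: true` presumably stops the configured `app` from being
// applied, which is why only organization-level groups are listed.
// NOTE(review): the ARM example names the organization admin group
// `organizations/<org_id>/admin`; confirm whether `app-admin` is the intended
// group name under `/organizations/` here.
router.get(
  "/status/:org_id",
  groupAuths("supervisor", { noImplicitApp: true }),
  async (req, res) => {
    // handler logic goes here
  },
);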


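/** Standalone function call */
// Use case: an endpoint takes N organization ids through a form POST and has
// to confirm permissions for them. Route parameters cannot carry the ids, so
// the check is called directly. Run it once per submitted id and reject the
// request unless every check passes.
//
// NOTE(review): the upstream example does not show the return type. Confirm
// whether groupAuthCheck returns a boolean or a Promise; an un-awaited Promise
// is always truthy and must not be used directly in a condition.
// NOTE(review): no request or user argument is passed in the example; confirm
// how the plugin determines which user is being checked.
const hasPermission = groupAuthCheck(
  { org_id: "1234-5678-90" },
  {
    requireAdmin: true,
    // ...add any other groupAuthConfig parameters
  },
);

// Or even checking a certain privilege in each app.
// The second result needs its own name: declaring `const hasPermission` twice
// in the same scope is a SyntaxError.
const hasSupervisorPermission = groupAuthCheck(
  { app_id: "1234-5678-90" },
  {
    permission: "supervisor",
    // ...add any other groupAuthConfig parameters
  },
);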
1.1.28

1 year ago

1.1.30

1 year ago

1.1.34

1 year ago

1.1.33

1 year ago

1.1.32

1 year ago

1.1.36

1 year ago

1.1.35

1 year ago

3.0.4

11 months ago

3.0.3

11 months ago

3.0.2

11 months ago

3.0.1

11 months ago

3.0.8

10 months ago

3.0.7

11 months ago

3.0.6

11 months ago

3.0.5

11 months ago

3.0.0

11 months ago

3.0.9

10 months ago

1.1.27

1 year ago

1.1.26

2 years ago

1.1.23

2 years ago

1.1.25

2 years ago

1.1.24

2 years ago

1.1.19

2 years ago

1.1.18

2 years ago

1.1.17

2 years ago

1.1.22

2 years ago

1.1.21

2 years ago

1.1.20

2 years ago

1.1.16

2 years ago

1.1.15

2 years ago

1.1.14

2 years ago

1.1.12

2 years ago

1.1.9

2 years ago

1.1.11

2 years ago

1.1.10

2 years ago

1.1.8

2 years ago

1.1.6

2 years ago

1.1.5

2 years ago

1.1.4

2 years ago

1.1.1

2 years ago

1.1.0

2 years ago

1.1.3

2 years ago

1.1.2

2 years ago

1.0.14

2 years ago

1.0.13

2 years ago

1.0.12

2 years ago

1.0.11

2 years ago

1.0.10

2 years ago

1.0.9

2 years ago

1.0.2

2 years ago

1.0.1

2 years ago

1.0.7

2 years ago

1.0.6

2 years ago

1.0.5

2 years ago

1.0.4

2 years ago

1.0.3

2 years ago

1.0.0

2 years ago

0.0.43

2 years ago

0.0.42

2 years ago

0.0.38

2 years ago

0.0.36

2 years ago

0.0.35

2 years ago

0.0.34

2 years ago

0.0.33

2 years ago

0.0.29

2 years ago

0.0.28

2 years ago

0.0.27

2 years ago

0.0.25

2 years ago

0.0.24

2 years ago

0.0.23

2 years ago

0.0.22

2 years ago

0.0.21

2 years ago

0.0.20

2 years ago

0.0.19

2 years ago

0.0.18

2 years ago

0.0.17

2 years ago

0.0.16

2 years ago

0.0.12-alpha.0

2 years ago

0.0.11-alpha.0

2 years ago

0.0.10-alpha.0

2 years ago

0.0.6-alpha.0

2 years ago

0.0.5-alpha.0

2 years ago

0.0.4-alpha.0

2 years ago