1.0.3 • Published 8 months ago
keycloak-token-validator v1.0.3
Convenient way to validate and parse a JWT created and signed by KeyCloak.
It fetches the KeyCloak public key with axios, caches it and uses it to validate a JWT with the jsonwebtoken package.
If the validation fails, it assumes that the KeyCloak keys have been rotated, fetches them once more and tries to validate the token again. If it fails a second time, it throws an error.
Example usage:
import { KeycloakTokenValidator } from 'keycloak-token-validator';
// You may want to read this URL from an environment variable.
const keycloakCertUrl = 'https://<your-keycloak-host>/realms/<your-realm>/protocol/openid-connect/certs';
const jwtValidator = new KeycloakTokenValidator(keycloakCertUrl);
// ... later, inside an async request handler:
const token = req.headers['authorization']?.split('Bearer ')[1];
// Validates the token and returns its parsed form.
const tokenParsed = await jwtValidator.parseToken(token);
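The cache, refetch-once and retry flow described above, sketched as an added example that is not the package's own code. It assumes an in-memory `FakeKeyServer` in place of the KeyCloak certs endpoint and `node:crypto` in place of axios and jsonwebtoken; `FakeKeyServer`, `CachingValidator` and `verifyOnce` are hypothetical names.

```javascript
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed stand-in for the realm's certs endpoint and token issuer.
class FakeKeyServer {
  constructor() { this.fetches = 0; this.rotate(); }
  rotate() { this.pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); }
  fetchPublicKey() { this.fetches += 1; return this.pair.publicKey; }
  issue(claims) {
    const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
    const sig = crypto.sign('RSA-SHA256', Buffer.from(input), this.pair.privateKey);
    return `${input}.${sig.toString('base64url')}`;
  }
}

// Hypothetical validator: cache the key, refetch once on failure, then give up.
class CachingValidator {
  constructor(server) { this.server = server; this.key = null; }
  verifyOnce(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3) throw new Error('malformed token');
    const [h, p, s] = parts;
    // Pin the algorithm instead of trusting the token header.
    if (fromB64url(h).alg !== 'RS256') throw new Error('unexpected alg');
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), this.key, Buffer.from(s, 'base64url'));
    if (!ok) throw new Error('bad signature');
    const claims = fromB64url(p);
    if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) throw new Error('expired');
    return claims;
  }
  parseToken(token) {
    if (!this.key) this.key = this.server.fetchPublicKey();
    try {
      return this.verifyOnce(token);
    } catch {
      // Assume rotation: refetch once and retry; a second failure propagates.
      this.key = this.server.fetchPublicKey();
      return this.verifyOnce(token);
    }
  }
}
```

In this flow every rejected token costs one extra key fetch, so a service that accepts unauthenticated traffic should throttle refetches toward the key endpoint.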