@cto.ai/ops-keycloak
CTO.ai Keycloak library
Straightforward Keycloak integration.
This is a native ESM module.
keycloak(opts) => instance
Options:
realm - the keycloak realm name
url - the keycloak server URL
id - client id
pages - an object that must contain the following properties: signup, signin, error. Each must hold a Buffer instance, containing HTML to redirect a user's browser after a user has registered, logged in or if there was an error, respectively.
backend - default: false - backend mode limited API. Only functionality that doesn't rely on client-side browser interactions is supplied: refresh, signout and signin, where signin must be passed user and password. Pages are not required when backend is true.
Tokens objects:
Much of the API either accepts or outputs tokens. A tokens object has the following shape:
{
accessToken: string
refreshToken: string
idToken: string
sessionState: string
}
instance.signup() => Promise => tokens
Opens the default browser to the registration URL and supplies tokens once the registration process has been completed in the browser.
instance.signin(opts) => Promise => tokens
Triggers a browser-based login flow or logs in with a given username and password.
If both user and password options are supplied these credentials will be exchanged for tokens. Otherwise, opens the default browser to the login URL and supplies tokens when the login process has been completed in the browser.
Options:
user - Optional - username
password - Optional - password
instance.refresh(tokens) => Promise => tokens
Accepts a tokens object and fetches fresh tokens.
instance.signout(tokens) => Promise
Invalidates the tokens passed.
instance.reset(opts)
Will open a browser at a Keycloak password reset URL, which differs based on the signedIn option.
Options:
signedIn (boolean), Default: false - If true the browser will open to the logged-in account's password page. If false it will open to the reset credentials page.
instance.teams(tokens) => Promise => [teams]
Returns a promise that resolves the teams for the user that the tokens belong to.
instance.validate(tokens) => boolean
instance.identity(tokens) => { id, username, email }
keycloak.validate(tokens) => boolean
Checks whether tokens.refreshToken has expired. If it has, validate returns true, otherwise false.
If any tokens are missing from the tokens object, this function will throw.
keycloak.identity(tokens) => { id, username, email }
Decodes tokens.idToken and returns an object with a user's id, username and email.
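The local checks described for validate and identity can be sketched as follows. This is an added example, not the library's own code: the function names (identityOf, refreshTokenExpired, sampleTokens) are hypothetical, the claim names (sub, preferred_username, email, exp) are the standard OIDC/JWT claims and are assumed to be what the Keycloak tokens carry, and the sample tokens are constructed. It decodes only and never checks the signature segment, so the values it returns are not proof of who issued the token.

```javascript
// Added example: decode-only inspection of a tokens object (no signature check).
const REQUIRED = ['accessToken', 'refreshToken', 'idToken', 'sessionState'];

// Throws if any member of the tokens object is missing, as the page describes.
function assertTokens(tokens) {
  for (const key of REQUIRED) {
    if (typeof tokens?.[key] !== 'string' || tokens[key] === '') {
      throw new Error(`tokens.${key} is missing`);
    }
  }
}

// Decode the middle (payload) segment of a compact JWT from base64url to JSON.
function decodePayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Map standard OIDC claims (assumed) to the { id, username, email } shape.
function identityOf(tokens) {
  assertTokens(tokens);
  const { sub, preferred_username: username, email } = decodePayload(tokens.idToken);
  return { id: sub, username, email };
}

// True when the refresh token's exp claim (seconds since epoch) has passed.
function refreshTokenExpired(tokens, nowSeconds = Math.floor(Date.now() / 1000)) {
  assertTokens(tokens);
  const { exp } = decodePayload(tokens.refreshToken);
  if (typeof exp !== 'number') throw new Error('refresh token has no numeric exp');
  return exp <= nowSeconds;
}

// Constructed sample data: the third segment is a dummy, not a real signature.
function sampleTokens(idClaims, refreshExp) {
  const seg = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const jwt = (claims) => `${seg({ alg: 'RS256', typ: 'JWT' })}.${seg(claims)}.dummy-signature`;
  return {
    accessToken: jwt({ exp: refreshExp }),
    refreshToken: jwt({ exp: refreshExp }),
    idToken: jwt(idClaims),
    sessionState: 'constructed-session-state',
  };
}

const demo = sampleTokens({ sub: 'u-123', preferred_username: 'alice', email: 'alice@example.test' }, 2000000000);
console.log(identityOf(demo), refreshTokenExpired(demo, 1700000000));
```

The dummy signature decodes without complaint, which is the point to take away: anything used for an authorization decision should first be verified against the realm's signing keys or checked with the server.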
This library does not attempt to provide anything close to full Keycloak functionality integration.
Test:
npm test
Visual coverage report (run after test):
npm run cov
Lint:
npm run lint
Autoformat:
npm run lint -- --fix
For mainline releases:
npm version <major|minor|patch>
git push --follow-tags
For prereleases:
npm version prerelease
git push --follow-tags
MIT
FAQs
The npm package @cto.ai/ops-keycloak receives a total of 1 weekly downloads. As such, @cto.ai/ops-keycloak popularity was classified as not popular.
We found that @cto.ai/ops-keycloak demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.