Security News
npm Updates Search Experience with New Objective Sorting Options
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
@dbp-toolkit/auth
Advanced tools
You can install the components via npm:
npm i @dbp-toolkit/auth
<dbp-auth-keycloak url="https://auth.tugraz.at/auth" realm="tugraz" client-id="some-id"></dbp-auth-keycloak>
<script type="module" src="node_modules/@dbp-toolkit/auth/dist/dbp-auth.js"></script>
Or directly via CDN:
<dbp-auth-keycloak url="https://auth.tugraz.at/auth" realm="tugraz" client-id="some-id"></dbp-auth-keycloak>
<script type="module" src="https://unpkg.com/@dbp-toolkit/auth@0.2.2/dist/dbp-auth.js"></script>
You need Keycloak to be in place to make use of the auth component. Best take a look on examples like index.html for more explanation.
lang
(optional, default: de
): set to de
or en
for German or English
<dbp-auth-keycloak lang="de" </dbp-auth-keycloak>
load-person
(optional, default: off): if enabled the logged in user will also be loaded as Person
in the auth.person
attribute (see below)
<dbp-auth-keycloak load-person></dbp-auth-keycloak>
force-login
(optional, default: off): if enabled a login will be forced, there never will be a login button
<dbp-auth-keycloak force-login></dbp-auth-keycloak>
try-login
(optional, default: off): if enabled the a login will happen if the user is already logged in
and finishing the login process would not result in a page location change (reload/redirect).
<dbp-auth-keycloak try-login></dbp-auth-keycloak>
requested-login-status
(optional, default: unknown
): can be set to logged-in
or logged-out
to request a login or logout
<dbp-auth-keycloak requested-login-status="logged-in"></dbp-auth-keycloak>
url
(required): The base URL of the Keycloak serverrealm
(required): The Keycloak realmclient-id
(required): The Keycloak client to usesilent-check-sso-redirect-uri
(optional): URI or path to a separate page for checking the login session in an iframe, see https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapterscope
(optional): Space separated list of scopes to request. These scopes get added in addition to the default ones, assuming the scope is in the optional scopes list of the Keycloak client in use.The component emits a dbp-set-property
event for the attribute auth
:
auth.subject
: Keycloak usernameauth.login-status
: Login status (unknown
, logging-in
, logging-out
, logged-in
, logged-out
)auth.token
: Keycloak token to send with your requestsauth.user-full-name
: Full name of the userauth.person-id
: Person identifier of the userauth.person
: Person json object of the user (optional, enable by setting the load-person
attribute)<dbp-login-button></dbp-login-button>
<script type="module" src="node_modules/@dbp-toolkit/auth/dist/dbp-auth.js"></script>
lang
(optional, default: de
): set to de
or en
for German or English
<dbp-auth-keycloak lang="de" </dbp-auth-keycloak>
auth
object: you need to set that object property for the auth token
{token: "THE_BEARER_TOKEN"}
The component emits a dbp-set-property
event for the attribute requested-login-status
(possible values logged-in
, logged-out
).
If embedded in an external page (without <dbp-provider>
) components can also work together with a different source for the auth token:
<dbp-person-select id="ps-1"></dbp-person-select>
<script>
function onAuthHasChanged(auth) {
/* fully featured auth object */
const ps = document.getElementById('ps-1');
ps.setProperty('auth', auth);
}
/* or */
function onTokenHasChanged(token) {
/* only token available */
const auth = { token: token };
onAuthHasChanged(auth);
}
</script>
Note: Some components need information about the logged-in person too!
# get the source
git clone git@gitlab.tugraz.at:dbp/web-components/toolkit.git
cd toolkit/packages/auth
# install dependencies
yarn install
# constantly build dist/bundle.js and run a local web-server on port 8002
yarn run watch-local
# build local packages in dist directory
yarn run build
Jump to http://localhost:8002 and you should get a Single Sign On login page.
FAQs
Unknown package
We found that @dbp-toolkit/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.