@hikariq/alohomora

Alohomora

This repository is to create middleware for nodejs service (express) to connect with Keycloak Authorization service. The idea is come from keycloak-nodejs-connect, we extends the existing features of this project but currently only support the bearer-only option. We have added a fantastic feature is policy enforcer by json configuration. You can add the policy-enforcer attribute to the keycloak.json file and see the magic happen.

Prerequisites

• Node 10 or higher

Installation

# yarn
yarn add @hikariq/alohomora

# npm
npm install @hikariq/alohomora

Usage

This library provide methods to connect and integrate with keycloak auth/authz service to use as a policy enforcer.

First, create keycloak.json file in the project root folder like this to config the policy enforcer.

{
  "realm": "test-services",
  "bearer-only": true,
  "auth-server-url": "http://localhost:8080/auth",
  "json-enforcer-enabled": true,
  "client-id": "${env.KEYCLOAK_CLIENT_ID}",
  "secret": "${env.KEYCLOAK_CLIENT_SECRET}",
  "policy-enforcer": {
    "enforcement-mode": "ENFORCING",
    "paths": [
      {
        "name": "resource",
        "path": "/resource/:id",
        "methods": [
          {
            "method": "GET",
            "scopes": ["resource#scopes:get"]
          }
        ]
      }
    ]
  }
}

Then initialize and use the alohomora instance as a middleware.

import express from 'express';
import { Alohomora } from '@hikariq/alohomora';

const app = express();
const keycloak = new Alohomora();
app.use(keycloak.init());

app.get('/resource/:id', keycloak.enforce());

or just use the inline enforcer like this

app.get('/resource/:id', keycloak.enforce('resource#scopes:get'))

Related Projects

• keycloak-nodejs-connect: A Nodejs library to connect to keycloak developed by Keycloak team (Deprecated)
• Keycloak: Opensource project for Identity and Access Management

❯ License

MIT