@react-keycloak/ssr
Advanced tools
SSR bindings for Keycloak
React Keycloak requires:
keycloak-js 9.0.2 or lateryarn add @react-keycloak/ssr
or
npm install --save @react-keycloak/ssr
This module has been created to support NextJS and Razzle, other SSR frameworks might be working as well.
Follow the guide related to your SSR Framework and note that SSRKeycloakProvider also accepts all the properties of KeycloakProvider.
Requires NextJS 9 or later
Create the _app.tsx file under pages folder and wrap your App inside SSRKeycloakProvider component and pass keycloakConfig and a TokenPersistor.
Note: @react-keycloak/ssr provides a default TokenPersistor which works with cookies (exported as ServerPersistors.SSRCookies).
The following examples will be based on that.
import cookie from 'cookie'
import * as React from 'react'
import type { IncomingMessage } from 'http'
import type { AppProps, AppContext } from 'next/app'
import { SSRKeycloakProvider, SSRCookies } from '@react-keycloak/ssr';
const keycloakCfg = {
realm: '',
url: '',
clientId: ''
}
interface InitialProps {
cookies: unknown
}
function MyApp({ Component, pageProps, cookies }: AppProps & InitialProps) {
return (
<SSRKeycloakProvider
keycloakConfig={keycloakCfg}
persistor={SSRCookies(cookies)}
>
<Component {...pageProps} />
</SSRKeycloakProvider>
)
}
function parseCookies(req?: IncomingMessage) {
if (!req || !req.headers) {
return {}
}
return cookie.parse(req.headers.cookie || '')
}
MyApp.getInitialProps = async (context: AppContext) => {
// Extract cookies from AppContext
return {
cookies: parseCookies(context?.ctx?.req)
}
}
export default MyApp
Requires Razzle 3 or later
N.B: This setup requires you to install
cookie-parsermiddleware.
Edit your app server.js as follow
...
import { ExpressCookies, SSRKeycloakProvider } from '@react-keycloak/ssr'
// Create a function to retrieve Keycloak configuration parameters -- 'see examples/razzle-app'
import { getKeycloakConfig } from './utils'
const assets = require(process.env.RAZZLE_ASSETS_MANIFEST)
const server = express()
server
.disable('x-powered-by')
.use(express.static(process.env.RAZZLE_PUBLIC_DIR))
.use(cookieParser()) // 1. Add cookieParser Express middleware
.get('/*', (req, res) => {
const context = {}
// 2. Create an instance of ExpressCookies passing the current request
const cookiePersistor = ExpressCookies(req)
// 3. Wrap the App inside SSRKeycloakProvider
const markup = renderToString(
<SSRKeycloakProvider
keycloakConfig={getKeycloakConfig()}
persistor={cookiePersistor}
>
<StaticRouter context={context} location={req.url}>
<App />
</StaticRouter>
</SSRKeycloakProvider>
)
...
})
...
Edit your client.js as follow
import { Cookies, SSRKeycloakProvider } from '@react-keycloak/ssr'
// Create a function to retrieve Keycloak configuration parameters -- 'see examples/razzle-app'
import { getKeycloakConfig } from './utils'
// 1. Wrap the App inside SSRKeycloakProvider
hydrate(
<SSRKeycloakProvider
keycloakConfig={getKeycloakConfig()}
persistor={Cookies}
>
<BrowserRouter>
<App />
</BrowserRouter>
</SSRKeycloakProvider>,
document.getElementById('root')
)
...
When a component requires access to Keycloak, you can use the useKeycloak Hook.
import { useKeycloak } from '@react-keycloak/ssr'
export default () => {
const { keycloak, initialized } = useKeycloak()
// Here you can access the current keycloak instance methods and variables...
return (
<div>
<div>{`User is ${
!keycloak.authenticated ? 'NOT ' : ''
}authenticated`}</div>
{!!keycloak.authenticated && (
<button type="button" onClick={() => keycloak.logout()}>
Logout
</button>
)}
</div>
)
}
See inside examples/nextjs-app and examples/razzle-app folders of @react-keycloak/react-keycloak-examples repository for sample implementations.
@react-keycloak/ssr v2.x to v3.x can be found here MIGRATION.md.Whilst @react-keycloak/ssr can help you secure the Frontend part of a NextJS app if you also want to secure NextJS-exposed APIs you can follow the sample in this issue.
Thanks to @webdeb for reporting the issue and helping develop a solution.
If you need to access keycloak instance from non-React files (such as sagas, utils, providers ...), you can retrieve the instance using the exported getKeycloakInstance() method.
The instance will be initialized by react-keycloak but you'll need to be carefull when using the instance, expecially server-side, and avoid setting/overriding any props, you can however freely access the exposed methods (such as refreshToken, login, etc...).
Note: This approach is NOT recommended on the server-side because can lead to token leakage issues (see this issue for more details).
Thanks to @webdeb for requesting this feature and helping develop and test the solution.
See the contributing guide to learn how to contribute to the repository and the development workflow.
MIT
If you found this project to be helpful, please consider buying me a coffee.
FAQs
SSR bindings for Keycloak javascript adapter
The npm package @react-keycloak/ssr receives a total of 3,118 weekly downloads. As such, @react-keycloak/ssr popularity was classified as popular.
We found that @react-keycloak/ssr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
Security News
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.