keycloak-connect
Advanced tools
Comparing version 2.2.0-cr.1 to 2.2.0
@@ -325,2 +325,6 @@ /* | ||
| Keycloak.prototype.redirectToLogin = function (request) { | ||
| return !this.config.bearerOnly; | ||
| }; | ||
| module.exports = Keycloak; |
@@ -60,8 +60,8 @@ /* | ||
| if (keycloak.config.bearerOnly) { | ||
| if (keycloak.redirectToLogin(request)) { | ||
| forceLogin(keycloak, request, response); | ||
| } else { | ||
| return keycloak.accessDenied(request, response, next); | ||
| } else { | ||
| forceLogin(keycloak, request, response); | ||
| } | ||
| }; | ||
| }; |
| { | ||
| "name": "keycloak-connect", | ||
| "version": "2.2.0-cr.1", | ||
| "version": "2.2.0", | ||
| "description": "Keycloak Connect Middleware", | ||
@@ -5,0 +5,0 @@ "homepage": "http://keycloak.org", |
@@ -97,3 +97,19 @@ # Keycloak | ||
| app.get( '/:section/:page', keycloak.protect( protectBySection ), sectionHandler ); | ||
| ### Advanced Login Configuration | ||
| By default, all unauthorized requests will be redirected to the Keycloak login | ||
| page unless your client is bearer-only. However, a confidential or public client | ||
| may host both browsable and API endpoints. To prevent redirects on unauthenticated | ||
| API requests and instead return an HTTP 401, you can override the `redirectToLogin` | ||
| function. | ||
| For example, this override checks if the url contains /api/ and disables login | ||
| redirects: | ||
| Keycloak.prototype.redirectToLogin = function(req) { | ||
| var apiReqMatcher = /\/api\//i; | ||
| return !apiReqMatcher.test(req.originalUrl || req.url); | ||
| }; | ||
| ## Additional URLs | ||
@@ -100,0 +116,0 @@ |
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.6%
121190
- Lines of code
- increased by0.11%
2784
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by6.11%
278
- Number of medium supply chain risk alerts
- decreased by-100%
0