keycloak-connect
Advanced tools
Comparing version 2.2.0-cr.1 to 2.2.0
@@ -325,2 +325,6 @@ /* | ||
Keycloak.prototype.redirectToLogin = function (request) { | ||
return !this.config.bearerOnly; | ||
}; | ||
module.exports = Keycloak; |
@@ -60,8 +60,8 @@ /* | ||
if (keycloak.config.bearerOnly) { | ||
if (keycloak.redirectToLogin(request)) { | ||
forceLogin(keycloak, request, response); | ||
} else { | ||
return keycloak.accessDenied(request, response, next); | ||
} else { | ||
forceLogin(keycloak, request, response); | ||
} | ||
}; | ||
}; |
{ | ||
"name": "keycloak-connect", | ||
"version": "2.2.0-cr.1", | ||
"version": "2.2.0", | ||
"description": "Keycloak Connect Middleware", | ||
@@ -5,0 +5,0 @@ "homepage": "http://keycloak.org", |
@@ -97,3 +97,19 @@ # Keycloak | ||
app.get( '/:section/:page', keycloak.protect( protectBySection ), sectionHandler ); | ||
### Advanced Login Configuration | ||
By default, all unauthorized requests will be redirected to the Keycloak login | ||
page unless your client is bearer-only. However, a confidential or public client | ||
may host both browsable and API endpoints. To prevent redirects on unauthenticated | ||
API requests and instead return an HTTP 401, you can override the `redirectToLogin` | ||
function. | ||
For example, this override checks if the url contains /api/ and disables login | ||
redirects: | ||
Keycloak.prototype.redirectToLogin = function(req) { | ||
var apiReqMatcher = /\/api\//i; | ||
return !apiReqMatcher.test(req.originalUrl || req.url); | ||
}; | ||
## Additional URLs | ||
@@ -100,0 +116,0 @@ |
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
121190
2784
0
278
0