keycloak-js
A client-side JavaScript OpenID Connect library that can be used to secure web applications.
The keycloak-js npm package is a JavaScript adapter for Keycloak, an open-source identity and access management solution. It allows developers to integrate Keycloak's authentication and authorization capabilities into their web applications.
Initialize Keycloak
This feature initializes the Keycloak instance and checks if the user is authenticated. If the user is not authenticated, it redirects them to the login page.
const keycloak = new Keycloak();
// 'login-required' sends unauthenticated users to the Keycloak login page during init().
keycloak.init({ onLoad: 'login-required' }).then(authenticated => {
  console.log(authenticated ? 'Authenticated' : 'Not authenticated');
}).catch(err => {
  console.error('Failed to initialize Keycloak', err);
});
Login
This feature triggers the login process, redirecting the user to the Keycloak login page.
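// login() redirects the browser to Keycloak; the authentication state is
// established by init() once the user returns to the application.
keycloak.login().then(() => {
  console.log('User logged in');
}).catch(err => {
  console.error('Failed to login', err);
});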
Logout
This feature logs the user out of the application and redirects them to the Keycloak logout page.
keycloak.logout().then(() => {
  console.log('User logged out');
}).catch(err => {
  console.error('Failed to logout', err);
});
Check Authentication
This feature checks if the user's token is still valid and refreshes it if necessary.
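// Refresh the token only if it expires within the next 30 seconds.
keycloak.updateToken(30).then(refreshed => {
  if (refreshed) {
    console.log('Token refreshed');
  } else {
    // Remaining lifetime in seconds, corrected for client/server clock skew.
    const secondsLeft = Math.round(keycloak.tokenParsed.exp + keycloak.timeSkew - new Date().getTime() / 1000);
    console.log('Token not refreshed, valid for ' + secondsLeft + ' seconds');
  }
}).catch(err => {
  console.error('Failed to refresh token', err);
});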
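An added example, not from the keycloak-js project or this page: one way to apply the token check above is to call updateToken(30) before each API request and fall back to login() when the refresh fails. The names authorizedFetch, fetchImpl, makeStubKeycloak and makeRecordingFetch are hypothetical, and the stub stands in for a real Keycloak instance so the block runs offline.

```javascript
// Added example: refresh-before-request wrapper around a keycloak-js instance.
// authorizedFetch and fetchImpl are hypothetical names, not part of keycloak-js.
async function authorizedFetch(keycloak, url, options = {}, fetchImpl = globalThis.fetch) {
  try {
    // Refresh only if the access token expires within the next 30 seconds.
    await keycloak.updateToken(30);
  } catch (err) {
    // Refresh failed: do not send the request with a stale token,
    // restart the login flow and report the failure to the caller.
    keycloak.login();
    throw new Error('Session expired, re-authentication required');
  }
  // Keep the caller's headers and attach the current access token as a bearer credential.
  const headers = { ...(options.headers || {}), Authorization: `Bearer ${keycloak.token}` };
  return fetchImpl(url, { ...options, headers });
}

// Constructed stand-in for a Keycloak instance, for offline runs only.
function makeStubKeycloak({ refreshFails }) {
  const stub = {
    token: 'stale-token',
    loginCalls: 0,
    updateToken(minValidity) {
      stub.lastMinValidity = minValidity;
      if (refreshFails) return Promise.reject(new Error('refresh failed'));
      stub.token = 'fresh-token';
      return Promise.resolve(true);
    },
    login() { stub.loginCalls += 1; return Promise.resolve(); },
  };
  return stub;
}

// Constructed fetch replacement that records what would have been sent.
function makeRecordingFetch() {
  const calls = [];
  const fetchImpl = (url, init) => { calls.push({ url, init }); return Promise.resolve({ ok: true }); };
  return { calls, fetchImpl };
}
```

In an application, pass the real Keycloak instance and omit fetchImpl so the browser's fetch is used.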
Get User Profile
This feature retrieves the user's profile information from Keycloak.
keycloak.loadUserProfile().then(profile => {
  console.log('User profile', profile);
}).catch(err => {
  console.error('Failed to load user profile', err);
});
The auth0-js package is a client-side library for integrating Auth0 authentication and authorization into web applications. It provides similar functionalities to keycloak-js, such as login, logout, and token management, but is designed to work with the Auth0 identity platform.
The oidc-client package is a JavaScript library for OpenID Connect (OIDC) and OAuth2. It provides features for user authentication, token management, and session handling. While it is not tied to a specific identity provider like keycloak-js, it can be used with any OIDC-compliant provider.
The firebase package includes Firebase Authentication, which provides backend services for easy use of authentication and authorization. It supports various authentication methods, including email/password, phone, and third-party providers like Google and Facebook. Unlike keycloak-js, it is part of the larger Firebase platform.
The documentation for keycloak-js is part of the Keycloak documentation.
FAQs
We found that keycloak-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.