Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
keycloak-js
Advanced tools
The keycloak-js npm package is a JavaScript adapter for Keycloak, an open-source identity and access management solution. It allows developers to integrate Keycloak's authentication and authorization capabilities into their web applications.
Initialize Keycloak
This feature initializes the Keycloak instance and checks if the user is authenticated. If the user is not authenticated, it redirects them to the login page.
const keycloak = new Keycloak();
keycloak.init({ onLoad: 'login-required' }).then(authenticated => {
console.log(authenticated ? 'Authenticated' : 'Not authenticated');
}).catch(err => {
console.error('Failed to initialize Keycloak', err);
});
Login
This feature triggers the login process, redirecting the user to the Keycloak login page.
keycloak.login().then(() => {
console.log('User logged in');
}).catch(err => {
console.error('Failed to login', err);
});
Logout
This feature logs the user out of the application and redirects them to the Keycloak logout page.
keycloak.logout().then(() => {
console.log('User logged out');
}).catch(err => {
console.error('Failed to logout', err);
});
Check Authentication
This feature checks if the user's token is still valid and refreshes it if necessary.
keycloak.updateToken(30).then(refreshed => {
if (refreshed) {
console.log('Token refreshed');
} else {
console.log('Token not refreshed, valid for ' + Math.round(keycloak.tokenParsed.exp + keycloak.timeSkew - new Date().getTime() / 1000) + ' seconds');
}
}).catch(err => {
console.error('Failed to refresh token', err);
});
Get User Profile
This feature retrieves the user's profile information from Keycloak.
keycloak.loadUserProfile().then(profile => {
console.log('User profile', profile);
}).catch(err => {
console.error('Failed to load user profile', err);
});
The auth0-js package is a client-side library for integrating Auth0 authentication and authorization into web applications. It provides similar functionalities to keycloak-js, such as login, logout, and token management, but is designed to work with the Auth0 identity platform.
The oidc-client package is a JavaScript library for OpenID Connect (OIDC) and OAuth2. It provides features for user authentication, token management, and session handling. While it is not tied to a specific identity provider like keycloak-js, it can be used with any OIDC-compliant provider.
The firebase package includes Firebase Authentication, which provides backend services for easy use of authentication and authorization. It supports various authentication methods, including email/password, phone, and third-party providers like Google and Facebook. Unlike keycloak-js, it is part of the larger Firebase platform.
JavaScript adapter for Keycloak. For documentation see our Securing Clients and Applications Guide.
For general questions not covered by the documentation please send a mail to our user mailing list.
To report and bugs or request new features please create an issue in JIRA.
If you've found a security vulnerability, please look at the instructions on how to properly report it
To provide a contribution send a PR to: https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/keycloak.js.
FAQs
A client-side JavaScript OpenID Connect library that can be used to secure web applications.
The npm package keycloak-js receives a total of 274,846 weekly downloads. As such, keycloak-js popularity was classified as popular.
We found that keycloak-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.