New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
passport-keycloak-bearer
Advanced tools
passport-keycloak-bearer - npm Package Compare versions
Comparing version 1.1.2 to 2.0.0
| { | ||
| "name": "passport-keycloak-bearer", | ||
| "version": "1.1.2", | ||
| "version": "2.0.0", | ||
| "description": "HTTP Bearer authentication strategy for Passport and Keycloak", | ||
@@ -33,5 +33,5 @@ "keywords": [ | ||
| "files": [ | ||
| "lib" | ||
| "src" | ||
| ], | ||
| "main": "lib/index.js", | ||
| "main": "src/index.js", | ||
| "repository": { | ||
@@ -42,41 +42,32 @@ "type": "git", | ||
| "scripts": { | ||
| "build": "babel src -d lib", | ||
| "clean": "rimraf lib", | ||
| "lint": "eslint ./src --fix", | ||
| "prepublish": "npm run clean && npm run build", | ||
| "test": "node_modules/.bin/mocha -r @babel/register --reporter spec --require test/bootstrap/node test/*.test.js", | ||
| "start": "babel-node src" | ||
| "lint": "eslint ./src ./test --fix", | ||
| "test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js", | ||
| "start": "node src" | ||
| }, | ||
| "dependencies": { | ||
| "axios": "0.19.0-beta.1", | ||
| "passport-jwt": "^4.0.0", | ||
| "request": "^2.88.0", | ||
| "simple-node-logger": "^0.93.40" | ||
| "request-promise-native": "^1.0.7", | ||
| "simple-node-logger": "^0.93.42" | ||
| }, | ||
| "devDependencies": { | ||
| "@babel/cli": "^7.0.0", | ||
| "@babel/core": "^7.0.0", | ||
| "@babel/preset-env": "^7.0.0", | ||
| "@babel/register": "^7.0.0", | ||
| "babel-core": "^7.0.0-bridge.0", | ||
| "babel-eslint": "^9.0.0", | ||
| "babel-preset-everything": "^0.1.2", | ||
| "chai": "^4.2.0", | ||
| "chai-passport-strategy": "^1.0.1", | ||
| "eslint": "^5.5.0", | ||
| "eslint-config-airbnb-base": "^13.1.0", | ||
| "eslint-plugin-import": "^2.14.0", | ||
| "eslint-plugin-mocha": "^5.2.0", | ||
| "eslint": "^5.13.0", | ||
| "eslint-config-standard": "^12.0.0", | ||
| "eslint-plugin-import": "^2.16.0", | ||
| "eslint-plugin-mocha": "^5.2.1", | ||
| "eslint-plugin-node": "^8.0.1", | ||
| "eslint-plugin-promise": "^4.0.1", | ||
| "eslint-plugin-standard": "^4.0.0", | ||
| "mocha": "^5.2.0", | ||
| "nock": "^10.0.2", | ||
| "prettier": "^1.14.3", | ||
| "nock": "^10.0.6", | ||
| "prettier": "^1.16.3", | ||
| "prettier-eslint": "^8.8.2", | ||
| "rimraf": "^2.6.2" | ||
| "rewiremock": "^3.13.0", | ||
| "rimraf": "^2.6.3" | ||
| }, | ||
| "engines": { | ||
| "node": ">=8.0.0" | ||
| }, | ||
| "eslintIgnore": [ | ||
| "lib" | ||
| ] | ||
| } | ||
| } |
@@ -5,6 +5,7 @@ # passport-keycloak-bearer | ||
| [](http://travis-ci.org/hgranlund/passport-keycloak-bearer) | ||
| > HTTP Bearer authentication strategy for [Passport](http://passportjs.org/) and [Keycloak](https://www.keycloak.org/). | ||
| This module lets you authenticate HTTP requests using bearer tokens with a Keycloak authority in your Node.js | ||
| applications. Bearer tokens are typically used protect API endpoints, and are | ||
| applications. Bearer tokens are typically used protect API endpoints, and are | ||
| often issued using OAuth 2.0. | ||
@@ -17,3 +18,2 @@ | ||
| ## Install | ||
@@ -38,3 +38,3 @@ | ||
| "realm": "master", | ||
| "host": "https://keycloak.dev.com" | ||
| "url": "https://keycloak.dev.com/auth" | ||
| }, (jwtPayload, done) => { | ||
@@ -45,2 +45,3 @@ const user = doSomethingWithUser(jwtPayload); | ||
| ``` | ||
| The JWT authentication strategy is constructed as follows: | ||
@@ -50,26 +51,25 @@ | ||
| ##### Options | ||
| * `host` (Required) | ||
| - `url` (Required) | ||
| Keycloak url. For instance: [https://keycloak.dev.org/]. | ||
| Keycloak auth url. For instance: https://keycloak.dev.org/auth. | ||
| * `realm` (Required) | ||
| - `realm` (Required) | ||
| Your realm. | ||
| * `passReqToCallback` (Optional - Default: false) | ||
| - `passReqToCallback` (Optional - Default: false) | ||
| Whether you want to use `req` as the first parameter in the verify callback. See section 5.1.1.3 for more details. | ||
| * `loggingLevel` (Optional - Default: 'warn') | ||
| - `loggingLevel` (Optional - Default: 'warn') | ||
| Logging level. 'debug', 'info', 'warn' or 'error'. | ||
| * `customLogger` (Optional) | ||
| - `customLogger` (Optional) | ||
| Custom logging instance. It must be able to log the following types: 'debug', 'info', 'warn' and 'error'. | ||
| * `issuer` (Optional) | ||
| - `issuer` (Optional) | ||
@@ -79,3 +79,3 @@ If defined the token issuer (iss) will be verified against this | ||
| * `audience` (Optional) | ||
| - `audience` (Optional) | ||
@@ -85,16 +85,15 @@ If defined, the token audience (aud) will be verified against | ||
| * `algorithms` (Optional - Default: ['HS256']) | ||
| - `algorithms` (Optional - Default: ['HS256']) | ||
| List of strings with the names of the allowed algorithms. For instance, ["HS256", "HS384"]. | ||
| * `ignoreExpiration` (Optional) | ||
| - `ignoreExpiration` (Optional) | ||
| If true do not validate the expiration of the token. | ||
| * `jsonWebTokenOptions` (Optional) | ||
| - `jsonWebTokenOptions` (Optional) | ||
| passport-keycloak-bearer is verifying the token using [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). | ||
| passport-keycloak-bearer is verifying the token using [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). | ||
| Pass here an options object for any other option you can pass the jsonwebtoken verifier. (i.e maxAge) | ||
| ##### Verify callback | ||
@@ -104,11 +103,10 @@ | ||
| * `jwtPayload` is an object literal containing the decoded JWT payload. | ||
| * `done` is a passport error first callback accepting arguments | ||
| - `jwtPayload` is an object literal containing the decoded JWT payload. | ||
| - `done` is a passport error first callback accepting arguments | ||
| done(error, user, info) | ||
| #### Authenticate Requests | ||
| Use `passport.authenticate()`, specifying the `'keycloak'` strategy, to | ||
| authenticate requests. Requests containing bearer verified do not require session support, so the `session` option can be set to `false`. | ||
| authenticate requests. Requests containing bearer verified do not require session support, so the `session` option can be set to `false`. | ||
@@ -119,7 +117,9 @@ For example, as route middleware in an [Express](http://expressjs.com/) | ||
| ```js | ||
| app.get('/path', | ||
| passport.authenticate('keycloak', { session: false }), | ||
| function(req, res) { | ||
| res.json(req.user); | ||
| }); | ||
| app.get( | ||
| '/path', | ||
| passport.authenticate('keycloak', { session: false }), | ||
| function(req, res) { | ||
| res.json(req.user); | ||
| } | ||
| ); | ||
| ``` | ||
@@ -141,5 +141,4 @@ | ||
| ## Credits | ||
| * [Simen Haugerud Granlund](https://hgranlund.com) - Author | ||
| - [Simen Haugerud Granlund](https://hgranlund.com) - Author |
Sorry, the diff of this file is not supported yet
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-16.67%
15
Worsened metrics
- Total package byte prevSize
- decreased by-17.18%
14395
- Lines of code
- decreased by-6.73%
208
- Number of lines in readme file
- decreased by-0.74%
135
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedrequest-promise-core@1.1.4(transitive)
+ Addedrequest-promise-native@1.0.9(transitive)
+ Addedstealthy-require@1.1.1(transitive)
- Removedaxios@0.19.0-beta.1
- Removedaxios@0.19.0-beta.1(transitive)
- Removedfollow-redirects@1.15.9(transitive)
- Removedis-buffer@2.0.5(transitive)
Updatedsimple-node-logger@^0.93.42