passport-keycloak-bearer

passport-keycloak-bearer

HTTP Bearer authentication strategy for Passport and Keycloak.

This module lets you authenticate HTTP requests using bearer tokens with a Keycloak authority, in your Node.js applications. Bearer tokens are typically used protect API endpoints, and are often issued using OAuth 2.0.

By plugging into Passport, bearer token support can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-keycloak-bearer

Usage

Configure Strategy

The HTTP Bearer authentication strategy authenticates users using a bearer token. The strategy has a optional verify callback, which accepts that credential and calls done providing a user. Optional info can be passed, typically including associated scope, which will be set by Passport at req.authInfo to be used by later middleware for authorization and access control.

  import KeycloakBearerStrategy from 'passport-keycloak-bearer'
  ...

  passport.use(new KeycloakBearerStrategy(({
      "realm": "master",
      "host": "https://keycloak.dev.com",
      "clientId": "test-test"
  }),
    function(token, done) {
      const user = createUser(token);
      return done(null, user);
    }));

Authenticate Requests

Use passport.authenticate(), specifying the 'keycloak' strategy, to authenticate requests. Requests containing bearer verifidT do not require session support, so the session option can be set to false.

For example, as route middleware in an Express application:

app.get('/profile', 
  passport.authenticate('keycloak', { session: false }),
  function(req, res) {
    res.json(req.user);
  });

Support

Submit an issue

Contribute

Contribute usage docs

License

MIT License

Simen Haugerud Granlund © 2018

Credits

• Simen Haugerud Granlund - Author