passport-keycloak-bearer
Advanced tools
HTTP Bearer authentication strategy for Passport and Keycloak.
This module lets you authenticate HTTP requests using bearer tokens with a Keycloak authority in your Node.js applications. Bearer tokens are typically used protect API endpoints, and are often issued using OAuth 2.0.
By plugging into Passport, bearer token support can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-keycloak-bearer
KeycloakBearerStrategy uses Bearer Token protocol to protect web resource/api. It works in the following manner:
User sends a request to the protected web api which contains an access_token in either the authorization header or body. Passport extracts and validates the access_token, and propagates the claims in access_token and userProfile to the verify callback and let the framework finish the remaining authentication procedure.
The userProfile parameter is the result of calling keycloak REST API (/realms/{realm-name}/protocol/openid-connect/userinfo).
On successful authentication, passport adds the user information to req.user and passes it to the next middleware, which is usually the business logic of the web resource/api. In case of error, passport sends back an unauthorized response.
import KeycloakBearerStrategy from 'passport-keycloak-bearer'
...
passport.use(new KeycloakBearerStrategy(({
"realm": "master",
"host": "https://keycloak.dev.com",
"clientId": "test-test"
}),
function(verifiedToken, userProfile, done) {
const user = doSomethingWithUser(userProfile);
return done(null, user);
}));
host (Required)
The endpoint where Keykloak is running.
clientId (Required)
The client ID of your application.
realm (Required)
Your realm name.
passReqToCallback (Optional - Default: false)
Whether you want to use req as the first parameter in the verify callback. See section 5.1.1.3 for more details.
loggingLevel (Optional - Default: 'warn')
Logging level. 'debug', 'info', 'warn' or 'error'.
customLogger (Optional)
Custom logging instance. It must be able to log the following types: 'debug', 'info', 'warn' and 'error'.
Use passport.authenticate(), specifying the 'keycloak' strategy, to
authenticate requests. Requests containing bearer verifidT do not require session
support, so the session option can be set to false.
For example, as route middleware in an Express application:
app.get('/profile',
passport.authenticate('keycloak', { session: false }),
function(req, res) {
res.json(req.user);
});
Submit an issue
Contribute usage docs
Simen Haugerud Granlund © 2018
FAQs
HTTP Bearer authentication strategy for Passport and Keycloak
The npm package passport-keycloak-bearer receives a total of 6,985 weekly downloads. As such, passport-keycloak-bearer popularity was classified as popular.
We found that passport-keycloak-bearer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.