[keycloak-user] Secure NodeJS APIs using keycloak

Deepak Garg deepakgarg.garg at gmail.com
Fri Aug 5 04:45:57 EDT 2016


I have created a REST API in Node.js and used the keycloak-connect npm package.
I have mapped the Node.js middleware with the Keycloak middleware and just put
the keycloak.protect() method inside the API method.

When the user is not logged in, it shows a login screen and asks for
credentials. After login, it shows the result. But I don't want to show a
login screen if the user is not already logged in. Instead, I want to
pass the token and get access based upon that token.

Do I need to do anything in the API code so that it will accept the user
token?

I'd like to use this API through a user interface and set the access type to
bearer for this service in the Keycloak admin console.

See the example:

    var express = require('express');
    var session = require('express-session');
    var Keycloak = require('keycloak-connect');
    var faker = require('faker');

    var app = express();
    // secret for the session cookie; take it from configuration, not source
    app.set('superSecret', process.env.SESSION_SECRET || 'change-me');

    var memoryStore = new session.MemoryStore();

    // keycloak-connect reads the realm and client settings from keycloak.json (below)
    var keycloak = new Keycloak({store: memoryStore});

    app.use(session({
        secret: app.get('superSecret'),
        resave: false,
        saveUninitialized: true,
        store: memoryStore
    }));

    app.use(keycloak.middleware({
        logout: '/logout',
        admin: '/'
    }));

    // keycloak.protect() guards the route; with a public client an
    // unauthenticated browser request is redirected to the login page
    app.get('/api/user', keycloak.protect(), function (req, res) {
        res.json({
            name: faker.name.findName(),
            email: faker.internet.email(),
            address: faker.address.streetAddress(),
            bio: faker.lorem.sentence(),
            image: faker.image.avatar()
        });
    });

    app.listen(3000);


Keycloak.json:


{
  "realm" : "nodejs-example",
  "realm-public-key" :
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "auth-server-url" : "http://xxxx:9090/auth",
  "ssl-required" : "external",
  "resource" : "nodejs-connect",
  "public-client" : true
}

Thanks,
Deepak


On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <shivasaxena999 at gmail.com>
wrote:

> Hi,
>
> Do you mean how do you set the bearer token when calling the REST endpoint
> from the browser ?
>
> On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg at gmail.com>
> wrote:
>
>> Hi Shiva,
>>
>> Thanks for the reply. I have already gone through this article.
>>
>> I am especially looking for how to set the access type to bearer when
>> using the API from another application and passing on the token. How do I pass the
>> authentication token to the API, and how would Keycloak determine the same?
>>
>> Also, I may need to change the keycloak.json as well based upon access
>> type
>>
>> Please suggest me example based upon above requirement.
>>
>> Thanks,
>> Deepak
>>
>> On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999 at gmail.com>
>> wrote:
>>
>>> Hi Deepak,
>>>
>>> You can check this example on github
>>> https://github.com/keycloak/keycloak-nodejs-connect
>>>
>>> In the admin console you will need to add a new application. It can be
>>> public or bearer; it depends on whether your API will be called directly
>>> and request authentication, or whether it will be called inside a
>>> pre-authenticated app and just be passed the token previously obtained.
>>>
>>> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have created a nodeJS rest api application. I want to secure my
>>>> nodeJS API layer using keycloak.
>>>>
>>>> Please suggest me how I can achieve the same?
>>>>
>>>> What configuration I need to do in the admin keycloak console? like
>>>> under client->access type should be public or bearer only?
>>>>
>>>>
>>>> Thanks,
>>>> Deepak
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>>
>>> --
>>> Best Regards
>>> *Shiva Saxena*
>>> *Blog <http://metalop.com/> | Linkedin
>>> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow
>>> <http://stackoverflow.com/users/2490343/shiva>*
>>>
>>
>>
>
>
> --
> Best Regards
> *Shiva Saxena*
> *Blog <http://metalop.com/> | Linkedin
> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow
> <http://stackoverflow.com/users/2490343/shiva>*
>