[keycloak-user] Secure NodeJS APIs using keycloak

Deepak Garg deepakgarg.garg at gmail.com
Fri Aug 5 05:56:51 EDT 2016


I did the same thing and defined a new client/resource called
"nodejs-connect" and set the access type to "bearer-only". Can you look at
the keycloak.json file below and check whether what I have specified is correct?


But when I am running my node server, it is throwing an error:

"SyntaxError: Unexpected token u
    at Object.parse (native)
    at Config.loadConfiguration (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\node_modules\keycloak-auth-utils\lib\config.js:53:23)
    at new Config (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\node_modules\keycloak-auth-utils\lib\config.js:40:10)
    at new Keycloak (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\index.js:61:17)"

*Keycloak.json:*

{
  "realm": "nodejs-example",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "auth-server-url": "http://xxxx:9090/auth",
  "ssl-required": "none",
  "resource": "nodejs-connect",
  "enable-cors": true,
  "credentials": {
    "secret": "6b620304-b4a9-4007-8701-d3abb3537598"
  }
}


On Fri, Aug 5, 2016 at 2:27 PM, Shiva Saxena <shivasaxena999 at gmail.com>
wrote:

> Hi,
>
> You will have to go to the keycloak admin console and select your realm,
> then the resource, i.e. 'nodejs-connect', and change the access type to
> bearer-only.
>
> Then you can send a "Bearer" header carrying the token in the HTTP request. If
> it fails, no login will be initiated (i.e. you will not be redirected to the
> login page).
>
> On Fri, Aug 5, 2016 at 2:15 PM, Deepak Garg <deepakgarg.garg at gmail.com>
> wrote:
>
>> I have created a REST API in Node.js and used the keycloak-connect npm
>> package. I have mapped the Node.js middleware with the keycloak middleware and
>> just put the keycloak.protect() method inside the API method.
>>
>> When the user is not logged in, it shows a login screen and asks for
>> credentials. After login, it shows the result, but I don't want to show a
>> login screen if the user is not already logged in. Instead of that I want to
>> pass the token and get access based upon that token.
>>
>> Do I need to do anything in the API code so that it will accept the user
>> token?
>>
>> I would like to use this API through a user interface and set the access type
>> to bearer for this service in the keycloak admin.
>>
>> see the example:
>>
>>     var express = require('express');
>>     var session = require('express-session');
>>     var Keycloak = require('keycloak-connect');
>>     var faker = require('faker');
>>
>>     var app = express();
>>     // express-session refuses to start without a secret; read it from the environment
>>     app.set('superSecret', process.env.SESSION_SECRET);
>>
>>     var memoryStore = new session.MemoryStore();
>>
>>     // With no second argument keycloak-connect reads keycloak.json from the
>>     // process's working directory
>>     var keycloak = new Keycloak({store: memoryStore});
>>
>>     app.use(session({
>>         secret: app.get('superSecret'),
>>         resave: false,
>>         saveUninitialized: true,
>>         store: memoryStore
>>     }));
>>
>>     app.use(keycloak.middleware({
>>         logout: '/logout',
>>         admin: '/'
>>     }));
>>
>>     // keycloak.protect() rejects the request unless a valid grant is present
>>     app.get('/api/user', keycloak.protect(), function (req, res) {
>>         res.json({
>>             name: faker.name.findName(),
>>             email: faker.internet.email(),
>>             address: faker.address.streetAddress(),
>>             bio: faker.lorem.sentence(),
>>             image: faker.image.avatar()
>>         });
>>     });
>>
>>     app.listen(3000);
>>
>>
>> Keycloak.json:
>>
>> {
>>   "realm": "nodejs-example",
>>   "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>>   "auth-server-url": "http://xxxx:9090/auth",
>>   "ssl-required": "external",
>>   "resource": "nodejs-connect",
>>   "public-client": true
>> }
>>
>> Thanks,
>> Deepak
>>
>>
>> On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <shivasaxena999 at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Do you mean how do you set the bearer token when calling the REST
>>> endpoint from the browser ?
>>>
>>> On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg at gmail.com>
>>> wrote:
>>>
>>>> Hi Shiva,
>>>>
>>>> Thanks for the reply. I have already gone through this article.
>>>>
>>>> I am especially looking for how to set the access type to bearer when
>>>> using the API from another application and pass on the token. How do I pass
>>>> the authentication token to the API, and how would keycloak determine the same?
>>>>
>>>> Also, I may need to change the keycloak.json as well based upon the access
>>>> type.
>>>>
>>>> Please suggest an example based upon the above requirement.
>>>>
>>>> Thanks,
>>>> Deepak
>>>>
>>>> On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999 at gmail.com> wrote:
>>>>
>>>>> Hi Deepak,
>>>>>
>>>>> You can check this example on github
>>>>> https://github.com/keycloak/keycloak-nodejs-connect
>>>>>
>>>>> In the admin console you will need to add a new application; it can be
>>>>> public or bearer, depending on whether your API will be called directly
>>>>> and request authentication, or will be called inside a pre-authenticated
>>>>> app and just passed the token previously obtained.
>>>>>
>>>>> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg at gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have created a Node.js REST API application. I want to secure my
>>>>>> Node.js API layer using keycloak.
>>>>>>
>>>>>> Please suggest how I can achieve this.
>>>>>>
>>>>>> What configuration do I need to do in the keycloak admin console? For
>>>>>> example, under client -> access type, should it be public or bearer-only?
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Deepak
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards
>>>>> *Shiva Saxena*
>>>>> *Blog <http://metalop.com/> | Linkedin
>>>>> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow
>>>>> <http://stackoverflow.com/users/2490343/shiva>*
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
>