[keycloak-user] Authenticate a REST API with keycloak in express node js without using adapters

Saransh Kumar skm.8896 at gmail.com
Mon Mar 6 02:08:39 EST 2017 

Hi,

Here, is the package.json file you needed to check:-

{
  "realm": "myRealm",
  "realm-public-key":
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJdI7R5quMER/p6Sou1/Z4Liw0+LvLZmQt5ytOhfpEe0OP7RXx+7yHa9wGsJvhWu8o8/b5CZsRCLmLxuvX0S1yI7+Lum6VfYSIyWX+mk2pUvZBz+N9SzJx1oMwGJnMG8lKNKi6BP1hNmm3DdtjH5FI5xeWE4GleJFitYsKMlXytXLB3DXaLNaeUfuvanh7oYcCSkywyc1kYGrmrHxUsV94kh5qLdMLZRhWiuI0q2X51uGl4ikzijL8yUp1RPDCHAjjgVbl82RTPHQcD37pwcMARnCL5qCzw8rcuGd9Bt5q5+H72BVir+T3ozEnGPCvgbvYMLcCow3M6j5A+zWDSA2wIDAQAB",
  "bearer-only": true,
  "auth-server-url": "https://liveiam.myApp.cloud/auth",
  "ssl-required": "external",
  "resource": "csnr-api"
}

Now, please help me.


Thanks in advance.
Saransh

On Sat, Mar 4, 2017 at 1:27 PM, Saransh Kumar <skm.8896 at gmail.com> wrote:

> Hello all,
>
> *Front end *
>
> function loadData() {
>
> var url = 'http://localhost:3000/users';
> var req = new XMLHttpRequest();
> req.open('GET', url, true);
> req.setRequestHeader('Accept', 'application/json');
> req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
>
> req.onreadystatechange = function () {
>     if (req.readyState == 4) {
>         if (req.status == 200) {
>             console.log('Success');
>         } else if (req.status == 403) {
>             console.log('Forbidden');
>         }
>     }}
>
> req.send();  }
>
> And I have downloaded keycloak.json from the Installation tab in Clients section from the keycloak admin console.
> At present I dont have that keycloak.json file to show you.
>
>
> Regards
> Saransh
>
>
> On Sat, Mar 4, 2017 at 12:46 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> Can you also show us your keycloak.json and show how you pass from the
>> frontend the token to the nodejs service ?
>>
>>
>> On Sat, Mar 4, 2017 at 8:07 AM, Saransh Kumar <skm.8896 at gmail.com> wrote:
>>
>>> Hello Sebastien, Bruno
>>>
>>>
>>> Thanks for replying. :)
>>>
>>> Keycloak server: 2.5.1
>>> keycloak-connect: 2.5.3 (node js adapter)
>>>
>>> Rest API on express node js which is to be secured:-
>>>
>>> var express = require('express');var router = express.Router();var app = express();var Keycloak = require('keycloak-connect');var keycloak =new Keycloak();
>>>
>>> app.use( keycloak.middleware( {
>>> logout: '/logout',
>>> admin: '/',} ));
>>>
>>> router.get('/users',keycloak.protect(),function(req, res, next) {
>>>
>>>     res.send('Reached here');
>>>
>>> });
>>>
>>>
>>> The response is : Error 403 Forbidden.
>>>
>>> Note: I have also included the package.json in the root folder.
>>>
>>>
>>> Thanks in advance
>>>
>>>
>>> On Sat, Mar 4, 2017 at 4:41 AM, Bruno Oliveira <bruno at abstractj.org>
>>> wrote:
>>>
>>>> Last time I checked, the adapter works with bearer only. If you provide
>>>> the steps to reproduce, version of keycloak server, adapter version and the
>>>> error. That would help ;)
>>>>
>>>> On Fri, Mar 3, 2017, 8:05 PM Sebastien Blanc <sblanc at redhat.com> wrote:
>>>>
>>>>> Well the adapter works with bearer only , what is the error that you
>>>>> are
>>>>> getting ?
>>>>> Le ven. 3 mars 2017 à 21:26, Saransh Kumar <skm.8896 at gmail.com> a
>>>>> écrit :
>>>>>
>>>>> > Hii Sebastien,
>>>>> >
>>>>> > Actually, the node js kc adapter is not working with bearer auth
>>>>> only.
>>>>> > So, I need to verify the access token myself with keycloak in node js
>>>>> > without using node js adapter or any other adapters.
>>>>> > Please help me out in this  way.
>>>>> >
>>>>> > Thanks in advance.
>>>>> > Saransh
>>>>> >
>>>>> > On Sat, Mar 4, 2017 at 12:06 AM, Sebastien Blanc <sblanc at redhat.com>
>>>>> > wrote:
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Fri, Mar 3, 2017 at 7:04 PM, Saransh Kumar <skm.8896 at gmail.com>
>>>>> wrote:
>>>>> >
>>>>> > Hello all,
>>>>> >
>>>>> > I have a REST API in express node js.
>>>>> > I want to secure it with keycloak bearer auth only.
>>>>> > So, a keycloak token would be recieved in the Authorization header
>>>>> of the
>>>>> > GET request to the REST API.
>>>>> > I have to verify the token with keycloak *without using any
>>>>> adapters.*
>>>>> > Please help me out in the process.
>>>>> >
>>>>> > Are you not allowed to add any extra packages ? Just lookup the
>>>>> source
>>>>> > code of the nodejs kc adapter and paste it into your app ;)
>>>>> >
>>>>> >
>>>>> >
>>>>> > Thanks in advance
>>>>> > Saransh
>>>>> > _______________________________________________
>>>>> > keycloak-user mailing list
>>>>> > keycloak-user at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>
>>
>

More information about the keycloak-user mailing list