<div dir="ltr">I did the same thing and defined a new client/resource called "<span style="color:rgb(80,0,80);font-size:12.8px">nodejs-connect</span>" and set the access type "bearer-only" . can you look into this below keycloak.json file. If I have specified whether it is correct?<div><br><div><br></div><div>but when I am running my node server, it is throwing an error</div><div>"SyntaxError: <b>Unexpected token u</b><div> at Object.parse (native)</div><div> at Config.loadConfiguration (D:\Sample Projects\NodePrototypes\NodeSample\no</div><div>de_modules\keycloak-connect\node_modules\keycloak-auth-utils\lib\config.js:53:23</div><div>)</div><div> at new Config (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\key</div><div>cloak-connect\node_modules\keycloak-auth-utils\lib\config.js:40:10)</div><div> at new Keycloak (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\k</div><div>eycloak-connect\index.js:61:17)"</div><div><br></div><div><div style="color:rgb(80,0,80);font-size:12.8px"><b>Keycloak.json:</b></div><div style="color:rgb(80,0,80);font-size:12.8px"><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><span style="font-size:12.8px">{</span><br></div><div style="color:rgb(80,0,80);font-size:12.8px"><div> "realm" : "nodejs-example",</div><div> "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNA<wbr>DCBiQKBgQCrVrCuTtArbgaZzL1hvh0<wbr>xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw<wbr>1tGEGoJaXDuSaRllobm53JBhjx33UN<wbr>v+5z/UMG4kytBWxheNVKnL6GgqlNab<wbr>MaFfPLPCF8kAgKnsi79NMo+n6KnSY8<wbr>YeUmec/p2vjO2NjsSAVcWEQMVhJ31L<wbr>wIDAQAB",</div><div> "auth-server-url" : "<a href="http://xxxx:9090/auth" target="_blank">http://xxxx:9090/auth</a>",</div><div> "ssl-required" : "none",</div><div> "resource" : "nodejs-connect",</div><div> <span style="color:rgb(34,34,34);font-size:small"> "enable-cors" : true,</span></div><div style="color:rgb(34,34,34);font-size:small"> "credentials": {</div><div style="color:rgb(34,34,34);font-size:small"> "secret": "6b620304-b4a9-4007-8701-d3abb3537598"</div><div style="color:rgb(34,34,34);font-size:small"> }</div><div>}</div></div></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 2:27 PM, Shiva Saxena <span dir="ltr"><<a href="mailto:shivasaxena999@gmail.com" target="_blank">shivasaxena999@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(19,79,92)">Hi,<br><br>You will have to go to the keycloak admin console and select your realm then the resource ie 'nodejs-connect' and change the access type to bearer-only.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(19,79,92)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(19,79,92)">Then you can send "Bearer" header having the token in the HttpRequest. If it fails no login will be initiated(i.e you will not be redirected to the login page).</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 2:15 PM, Deepak Garg <span dir="ltr"><<a href="mailto:deepakgarg.garg@gmail.com" target="_blank">deepakgarg.garg@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I have created a rest api in node js and used keycloak-connect npm packge. I have mapped the nodejs middleware with keycloak middleware and just put keycloak.Protect() method in side api method.<div><br></div><div>When the user is not logged in, it shows a login screen and ask for credential. After login, it shows the result. but I don't want to show a login screen if user is not already logged in. Instead of that i want to pass the token and get access based upon that token?<br><div><br></div><div>Do i need to do anything in the API code so that it will accept the user token?</div><div><br></div><div>I like to use this api through User interface and set the access type bearer for this service in the keycloak admin. </div><div><br></div><div>see the example:</div><div><br></div><div><div> var express = require('express');</div><div> var apiRoutes = express.Router();</div><div> var User = require('../models/user');</div><div> var jwt = require('jsonwebtoken');</div><div> var faker = require('faker');</div><div> var session = require('express-session');</div><div> var Keycloak = require('keycloak-connect');</div><div> var hogan = require('hogan-express');</div><div> </div><div><br></div><div> </div><div> var memoryStore = new session.MemoryStore();</div><div> </div><div> var keycloak = new Keycloak({store: memoryStore});</div><div> </div><div> app.use(session({</div><div> secret: app.get('superSecret'),</div><div> resave: false,</div><div> saveUninitialized: true,</div><div> store: memoryStore</div><div> }));</div><div><br></div><div> app.use(keycloak.middleware({</div><div> logout: '/logout',</div><div> admin: '/'</div><div> }));</div></div><div><div> app.get('/api/user',<b> keycloak.protect()</b>, function (req, res) {</div><div> res.json({</div><div> name: faker.name.findName(),</div><div> email: faker.internet.email(),</div><div> address: faker.address.streetAddress(),</div><div> bio: faker.lorem.sentence(),</div><div> image: faker.image.avatar()</div></div><div><br></div><div><div> });</div><div> });</div></div><div><br></div><div><br></div><div>Keycloak.json:</div><div><br></div><div><br></div><div><div>{</div><div> "realm" : "nodejs-example",</div><div> "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNA<wbr>DCBiQKBgQCrVrCuTtArbgaZzL1hvh0<wbr>xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw<wbr>1tGEGoJaXDuSaRllobm53JBhjx33UN<wbr>v+5z/UMG4kytBWxheNVKnL6GgqlNab<wbr>MaFfPLPCF8kAgKnsi79NMo+n6KnSY8<wbr>YeUmec/p2vjO2NjsSAVcWEQMVhJ31L<wbr>wIDAQAB",</div><div> "auth-server-url" : "<a href="http://xxxx:9090/auth" target="_blank">http://xxxx:9090/auth</a>",</div><div> "ssl-required" : "external",</div><div> "resource" : "nodejs-connect",</div><div> "public-client" : true</div><div>}</div></div><div><br></div><div>Thanks,</div><div>Deepak</div><div><br></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <span dir="ltr"><<a href="mailto:shivasaxena999@gmail.com" target="_blank">shivasaxena999@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div>Do you mean how do you set the bearer token when calling the REST endpoint from the browser ?<div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <span dir="ltr"><<a href="mailto:deepakgarg.garg@gmail.com" target="_blank">deepakgarg.garg@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Shiva,<div><br></div><div>Thanks for the reply. I have already gone through this article.</div><div><br></div><div>I am specially looking for how to set the access type to bearer when using the API from other application and pass on the token? How to pass the authentication token to API and how keycloak would determine the same?</div><div><br></div><div>Also, I may need to change the keycloak.json as well based upon access type</div><div><br></div><div>Please suggest me example based upon above requirement.</div><div><br></div><div>Thanks,</div><div>Deepak</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <span dir="ltr"><<a href="mailto:shivasaxena999@gmail.com" target="_blank">shivasaxena999@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Deepak,<div><br></div><div>You can check this example on github</div><div><a href="https://github.com/keycloak/keycloak-nodejs-connect" target="_blank">https://github.com/keycloak/ke<wbr>ycloak-nodejs-connect</a><br></div><div><br></div><div>In the admin console you will need to add a new application, it can be public or bearer depends, on the fact that will your API be directly called and request authentication or they will be called inside a pre authenticated app and just pass the token previously obtained.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <span dir="ltr"><<a href="mailto:deepakgarg.garg@gmail.com" target="_blank">deepakgarg.garg@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Hi,<div><br></div><div>I have created a nodeJS rest api application. I want to secure my nodeJS API layer using keycloak. </div><div><br></div><div>Please suggest me how I can achieve the same?</div><div><br></div><div>What configuration I need to do in the admin keycloak console? like under client->access type should be public or bearer only?</div><div><br></div><div><br></div><div>Thanks,</div><div>Deepak</div></div>
<br></div></div>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a><span><font color="#888888"><br></font></span></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font face="Calibri,sans-serif" color="#000000" style="font-family:Calibri,sans-serif"><div style="line-height:21.2999992370605px"><font size="2">Best Regards</font></div></font><div style="line-height:21.2999992370605px;color:rgb(68,68,68);font-family:Calibri,sans-serif"><font color="#2672ec" style="line-height:normal"><span style="line-height:21px"><font style="line-height:normal"><b style="line-height:22.7199993133545px"><font face="Calibri" style="line-height:normal" size="2">Shiva Saxena</font></b></font></span><font face="Calibri"><span style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"> </b></font></span></font></font><div style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"><font face="Calibri" color="#2672ec" style="line-height:normal"><a href="http://metalop.com/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Blog</a></font><font color="#444444" style="line-height:normal"> | <a href="http://in.linkedin.com/in/shivasaxena/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Linkedin</a> | <a href="http://stackoverflow.com/users/2490343/shiva" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">StackOverflo<wbr>w</a></font></b></font></div></div></div></div></div></div>
</font></span></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font face="Calibri,sans-serif" color="#000000" style="font-family:Calibri,sans-serif"><div style="line-height:21.2999992370605px"><font size="2">Best Regards</font></div></font><div style="line-height:21.2999992370605px;color:rgb(68,68,68);font-family:Calibri,sans-serif"><font color="#2672ec" style="line-height:normal"><span style="line-height:21px"><font style="line-height:normal"><b style="line-height:22.7199993133545px"><font face="Calibri" style="line-height:normal" size="2">Shiva Saxena</font></b></font></span><font face="Calibri"><span style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"> </b></font></span></font></font><div style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"><font face="Calibri" color="#2672ec" style="line-height:normal"><a href="http://metalop.com/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Blog</a></font><font color="#444444" style="line-height:normal"> | <a href="http://in.linkedin.com/in/shivasaxena/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Linkedin</a> | <a href="http://stackoverflow.com/users/2490343/shiva" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">StackOverflo<wbr>w</a></font></b></font></div></div></div></div></div></div>
</div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="Calibri,sans-serif" color="#000000" style="font-family:Calibri,sans-serif"><div style="line-height:21.2999992370605px"><font size="2">Best Regards</font></div></font><div style="line-height:21.2999992370605px;color:rgb(68,68,68);font-family:Calibri,sans-serif"><font color="#2672ec" style="line-height:normal"><span style="line-height:21px"><font style="line-height:normal"><b style="line-height:22.7199993133545px"><font face="Calibri" style="line-height:normal" size="2">Shiva Saxena</font></b></font></span><font face="Calibri"><span style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"> </b></font></span></font></font><div style="line-height:21px"><font style="line-height:normal" size="2"><b style="line-height:18.4599990844727px"><font face="Calibri" color="#2672ec" style="line-height:normal"><a href="http://metalop.com/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Blog</a></font><font color="#444444" style="line-height:normal"> | <a href="http://in.linkedin.com/in/shivasaxena/" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">Linkedin</a> | <a href="http://stackoverflow.com/users/2490343/shiva" style="line-height:18.4599990844727px;font-weight:inherit;color:blue" target="_blank">StackOverflo<wbr>w</a></font></b></font></div></div></div></div></div></div></div></div>
</div>
</div></div></blockquote></div><br></div>