3:45 a.m.
I have created a rest api in node js and used keycloak-connect npm packge.
I have mapped the nodejs middleware with keycloak middleware and just put
keycloak.Protect() method in side api method.
When the user is not logged in, it shows a login screen and ask for
credential. After login, it shows the result. but I don't want to show a
login screen if user is not already logged in. Instead of that i want to
pass the token and get access based upon that token?
Do i need to do anything in the API code so that it will accept the user
token?
I like to use this api through User interface and set the access type
bearer for this service in the keycloak admin.
see the example:
var express = require('express');
var apiRoutes = express.Router();
var User = require('../models/user');
var jwt = require('jsonwebtoken');
var faker = require('faker');
var session = require('express-session');
var Keycloak = require('keycloak-connect');
var hogan = require('hogan-express');
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({store: memoryStore});
app.use(session({
secret: app.get('superSecret'),
resave: false,
saveUninitialized: true,
store: memoryStore
}));
app.use(keycloak.middleware({
logout: '/logout',
admin: '/'
}));
app.get('/api/user',* keycloak.protect()*, function (req, res) {
res.json({
name: faker.name.findName(),
email: faker.internet.email(),
address: faker.address.streetAddress(),
bio: faker.lorem.sentence(),
image: faker.image.avatar()
});
});
Keycloak.json:
{
"realm" : "nodejs-example",
"realm-public-key" :
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://xxxx:9090/auth",
"ssl-required" : "external",
"resource" : "nodejs-connect",
"public-client" : true
}
Thanks,
Deepak
On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <shivasaxena999(a)gmail.com>
wrote:
Hi,
Do you mean how do you set the bearer token when calling the REST endpoint
from the browser ?
On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg(a)gmail.com>
wrote:
> Hi Shiva,
>
> Thanks for the reply. I have already gone through this article.
>
> I am specially looking for how to set the access type to bearer when
> using the API from other application and pass on the token? How to pass the
> authentication token to API and how keycloak would determine the same?
>
> Also, I may need to change the keycloak.json as well based upon access
> type
>
> Please suggest me example based upon above requirement.
>
> Thanks,
> Deepak
>
> On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999(a)gmail.com>
> wrote:
>
>> Hi Deepak,
>>
>> You can check this example on github
>> https://github.com/keycloak/keycloak-nodejs-connect
>>
>> In the admin console you will need to add a new application, it can be
>> public or bearer depends, on the fact that will your API be directly called
>> and request authentication or they will be called inside a pre
>> authenticated app and just pass the token previously obtained.
>>
>> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg(a)gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I have created a nodeJS rest api application. I want to secure my
>>> nodeJS API layer using keycloak.
>>>
>>> Please suggest me how I can achieve the same?
>>>
>>> What configuration I need to do in the admin keycloak console? like
>>> under client->access type should be public or bearer only?
>>>
>>>
>>> Thanks,
>>> Deepak
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>> --
>> Best Regards
>> *Shiva Saxena*
>> *Blog <http://metalop.com/> | Linkedin
>> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow
>> <http://stackoverflow.com/users/2490343/shiva>*
>>
>
>
--
Best Regards
*Shiva Saxena*
*Blog <http://metalop.com/> | Linkedin
<http://in.linkedin.com/in/shivasaxena/> | StackOverflow
<http://stackoverflow.com/users/2490343/shiva>*