Hi guys,
I created a REST API that I would like to protect with Keycloak.
However, I don't find any example/tutorial on the Internet that suits.
At the moment I use keycloak-nodejs-connect:
https://github.com/keycloak/keycloak-nodejs-connect/blob/master/example/index.js
This is the basic example given:
var Keycloak = require('keycloak-connect');
var express = require('express');
var session = require('express-session');

var app = express();

// Session store shared by express-session and the Keycloak adapter, so the
// adapter can keep the user's token between requests (browser login flow).
var memoryStore = new session.MemoryStore();
app.use(session({
  secret: 'mySecret',          // placeholder from the upstream example; use a real secret
  resave: false,
  saveUninitialized: true,
  store: memoryStore
}));

// Reads keycloak.json from the working directory unless a config object is passed.
var keycloak = new Keycloak({
  store: memoryStore
});

// Installs the adapter's own routes: /logout and the admin (backchannel) callback at '/'.
app.use(keycloak.middleware({
  logout: '/logout',
  admin: '/'
}));

// keycloak.protect() with no spec only requires an authenticated user;
// an unauthenticated browser request is redirected to the Keycloak login page.
app.get('/login', keycloak.protect(), function (req, res) {
  // res.render() needs a view engine configured; the upstream example sets one up.
  res.render('index', {
    result: JSON.stringify(JSON.parse(req.session['keycloak-token']), null, 4),
    event: '1. Authentication\n2. Login'
  });
});

var server = app.listen(3000, function () {});
But that doesn't correspond to my needs: in a REST API I have no login or
logout and no memory.
I think the user should always make requests with a bearer token. Based on
that token I can identify the user and get his roles.
Then I could use keycloak.protect('realm:myendpoint') to protect each of my
endpoints. If the user has that role, he is authorized.
Did I understand the flow correctly?
Is there some example of a REST API with authz, using Node.js?
Thanks a lot!!!
Corentin