Re: [keycloak-user] Secure NodeJS API using keycloak - how to authenticate using bearer access type

Hi Sebi, I did the same thing and defined a new client/resource called " nodejs-connect" and set the access type "bearer-only" . but when I am running my node server, it is throwing an error "SyntaxError: *Unexpected token u* at Object.parse (native) at Config.loadConfiguration (D:\Sample Projects\NodePrototypes\NodeSa mple\no de_modules\keycloak-connect\node_modules\keycloak-auth-utils \lib\config.js:53:23 ) at new Config (D:\Sample Projects\NodePrototypes\NodeSa mple\node_modules\key cloak-connect\node_modules\keycloak-auth-utils\lib\config.js:40:10) at new Keycloak (D:\Sample Projects\NodePrototypes\NodeSa mple\node_modules\k eycloak-connect\index.js:61:17)" Can you look into this below keycloak.json file. If I have specified whether it is correct? *Keycloak.json* { "realm": "nodejs-example", "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtvV0qb8+ A0pxKoRpToHhc6srY4PyoX/pwgmR7HyV0PeUw/DgyyCI1Wmvw3T15kWw7Q84gX8IL0wD NtfmbhMPmz5umVeul3LzacjU9qfDqG96Wirn7+5Je1VieH5wRX3mtyQ2TboRVpjFD0fw d063FYOtCynfDSS0Uo6YgjWs8QwIDAQAB", * "bearer-only": true,* "auth-server-url": "http://localhost:9090/auth", "ssl-required": "none", "resource": nodejs-connect", "enable-cors" : true, "credentials": { "secret": "6b620304-b4a9-4007-8701-d3abb3537598" } } Thanks, Deepak On Mon, Aug 8, 2016 at 12:34 PM, Sebastien Blanc <sblanc(a)redhat.com&gt; wrote: > Hi, > > Is your NodeJS app just a REST backend without any frontend ? In this > case you should put "bearer-only: true" and then it is the responsibility > of your frontend or any other service to pass the token to your rest > service. > > Sebi > > > On Mon, Aug 8, 2016 at 7:03 AM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; > wrote: > >> I have created a rest api in node js and used keycloak-connect npm >> packge. >> I have mapped the nodejs middleware with keycloak middleware and just put >> keycloak.Protect() method in side api method. >> >> When the user is not logged in, it shows a login screen and ask for >> credential. After login, it shows the result. but I don't want to show a >> login screen if user is not already logged in. Instead of that i want to >> pass the token and get access based upon that token? >> >> Do i need to do anything in the API code so that it will accept the user >> token? >> >> I like to use this api through User interface and set the access type >> bearer for this service in the keycloak admin. >> >> see the example: >> >> var express = require('express'); >> var apiRoutes = express.Router(); >> var User = require('../models/user'); >> var jwt = require('jsonwebtoken'); >> var faker = require('faker'); >> var session = require('express-session'); >> var Keycloak = require('keycloak-connect'); >> var hogan = require('hogan-express'); >> >> >> >> var memoryStore = new session.MemoryStore(); >> >> var keycloak = new Keycloak({store: memoryStore}); >> >> app.use(session({ >> secret: app.get('superSecret'), >> resave: false, >> saveUninitialized: true, >> store: memoryStore >> })); >> >> app.use(keycloak.middleware({ >> logout: '/logout', >> admin: '/' >> })); >> app.get('/api/user',* keycloak.protect()*, function (req, res) { >> res.json({ >> name: faker.name.findName(), >> email: faker.internet.email(), >> address: faker.address.streetAddress(), >> bio: faker.lorem.sentence(), >> image: faker.image.avatar() >> >> }); >> }); >> >> >> Keycloak.json: >> >> >> { >> "realm" : "nodejs-example", >> "realm-public-key" : >> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0x >> tL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/ >> UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/ >> p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", >> "auth-server-url" : "http://xxxx:9090/auth", >> "ssl-required" : "external", >> "resource" : "nodejs-connect", >> "public-client" : true >> } >> >> Thanks, >> Deepak >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >