Hi Deepak, You can check this example on github https://github.com/keycloak/keycloak-nodejs-connect In the admin console you will need to add a new application, it can be public or bearer depends, on the fact that will your API be directly called and request authentication or they will be called inside a pre authenticated app and just pass the token previously obtained. On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; wrote: > Hi, > > I have created a nodeJS rest api application. I want to secure my nodeJS > API layer using keycloak. > > Please suggest me how I can achieve the same? > > What configuration I need to do in the admin keycloak console? like under > client->access type should be public or bearer only? > > > Thanks, > Deepak > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Best Regards *Shiva Saxena* *Blog <http://metalop.com/> | Linkedin <http://in.linkedin.com/in/shivasaxena/> | StackOverflow <http://stackoverflow.com/users/2490343/shiva>*

Hi, Do you mean how do you set the bearer token when calling the REST endpoint from the browser ? On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; wrote: > Hi Shiva, > > Thanks for the reply. I have already gone through this article. > > I am specially looking for how to set the access type to bearer when > using the API from other application and pass on the token? How to pass the > authentication token to API and how keycloak would determine the same? > > Also, I may need to change the keycloak.json as well based upon access > type > > Please suggest me example based upon above requirement. > > Thanks, > Deepak > > On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999(a)gmail.com&gt; > wrote: > >> Hi Deepak, >> >> You can check this example on github >> https://github.com/keycloak/keycloak-nodejs-connect >> >> In the admin console you will need to add a new application, it can be >> public or bearer depends, on the fact that will your API be directly called >> and request authentication or they will be called inside a pre >> authenticated app and just pass the token previously obtained. >> >> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; >> wrote: >> >>> Hi, >>> >>> I have created a nodeJS rest api application. I want to secure my >>> nodeJS API layer using keycloak. >>> >>> Please suggest me how I can achieve the same? >>> >>> What configuration I need to do in the admin keycloak console? like >>> under client->access type should be public or bearer only? >>> >>> >>> Thanks, >>> Deepak >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> >> -- >> Best Regards >> *Shiva Saxena* >> *Blog <http://metalop.com/> | Linkedin >> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow >> <http://stackoverflow.com/users/2490343/shiva>* >> > > -- Best Regards *Shiva Saxena* *Blog <http://metalop.com/> | Linkedin <http://in.linkedin.com/in/shivasaxena/> | StackOverflow <http://stackoverflow.com/users/2490343/shiva>*

Hi, You will have to go to the keycloak admin console and select your realm then the resource ie 'nodejs-connect' and change the access type to bearer-only. Then you can send "Bearer" header having the token in the HttpRequest. If it fails no login will be initiated(i.e you will not be redirected to the login page). On Fri, Aug 5, 2016 at 2:15 PM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; wrote: > I have created a rest api in node js and used keycloak-connect npm > packge. I have mapped the nodejs middleware with keycloak middleware and > just put keycloak.Protect() method in side api method. > > When the user is not logged in, it shows a login screen and ask for > credential. After login, it shows the result. but I don't want to show a > login screen if user is not already logged in. Instead of that i want to > pass the token and get access based upon that token? > > Do i need to do anything in the API code so that it will accept the user > token? > > I like to use this api through User interface and set the access type > bearer for this service in the keycloak admin. > > see the example: > > var express = require('express'); > var apiRoutes = express.Router(); > var User = require('../models/user'); > var jwt = require('jsonwebtoken'); > var faker = require('faker'); > var session = require('express-session'); > var Keycloak = require('keycloak-connect'); > var hogan = require('hogan-express'); > > > > var memoryStore = new session.MemoryStore(); > > var keycloak = new Keycloak({store: memoryStore}); > > app.use(session({ > secret: app.get('superSecret'), > resave: false, > saveUninitialized: true, > store: memoryStore > })); > > app.use(keycloak.middleware({ > logout: '/logout', > admin: '/' > })); > app.get('/api/user',* keycloak.protect()*, function (req, res) { > res.json({ > name: faker.name.findName(), > email: faker.internet.email(), > address: faker.address.streetAddress(), > bio: faker.lorem.sentence(), > image: faker.image.avatar() > > }); > }); > > > Keycloak.json: > > > { > "realm" : "nodejs-example", > "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNA > DCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw > 1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNab > MaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", > "auth-server-url" : "http://xxxx:9090/auth", > "ssl-required" : "external", > "resource" : "nodejs-connect", > "public-client" : true > } > > Thanks, > Deepak > > > On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <shivasaxena999(a)gmail.com&gt; > wrote: > >> Hi, >> >> Do you mean how do you set the bearer token when calling the REST >> endpoint from the browser ? >> >> On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg(a)gmail.com&gt; >> wrote: >> >>> Hi Shiva, >>> >>> Thanks for the reply. I have already gone through this article. >>> >>> I am specially looking for how to set the access type to bearer when >>> using the API from other application and pass on the token? How to pass the >>> authentication token to API and how keycloak would determine the same? >>> >>> Also, I may need to change the keycloak.json as well based upon access >>> type >>> >>> Please suggest me example based upon above requirement. >>> >>> Thanks, >>> Deepak >>> >>> On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999(a)gmail.com >>> > wrote: >>> >>>> Hi Deepak, >>>> >>>> You can check this example on github >>>> https://github.com/keycloak/keycloak-nodejs-connect >>>> >>>> In the admin console you will need to add a new application, it can be >>>> public or bearer depends, on the fact that will your API be directly called >>>> and request authentication or they will be called inside a pre >>>> authenticated app and just pass the token previously obtained. >>>> >>>> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg(a)gmail.com >>>> > wrote: >>>> >>>>> Hi, >>>>> >>>>> I have created a nodeJS rest api application. I want to secure my >>>>> nodeJS API layer using keycloak. >>>>> >>>>> Please suggest me how I can achieve the same? >>>>> >>>>> What configuration I need to do in the admin keycloak console? like >>>>> under client->access type should be public or bearer only? >>>>> >>>>> >>>>> Thanks, >>>>> Deepak >>>>> >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>> >>>> >>>> >>>> >>>> -- >>>> Best Regards >>>> *Shiva Saxena* >>>> *Blog <http://metalop.com/> | Linkedin >>>> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow >>>> <http://stackoverflow.com/users/2490343/shiva>* >>>> >>> >>> >> >> >> -- >> Best Regards >> *Shiva Saxena* >> *Blog <http://metalop.com/> | Linkedin >> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow >> <http://stackoverflow.com/users/2490343/shiva>* >> > > -- Best Regards *Shiva Saxena* *Blog <http://metalop.com/> | Linkedin <http://in.linkedin.com/in/shivasaxena/> | StackOverflow <http://stackoverflow.com/users/2490343/shiva>*