[keycloak-user] Secure NodeJS APIs using keycloak

Shiva Saxena shivasaxena999 at gmail.com
Fri Aug 5 04:57:01 EDT 2016


Hi,

You will have to go to the keycloak admin console, select your realm,
then the resource, i.e. 'nodejs-connect', and change the access type to
bearer-only.

Then you can send the "Bearer" header carrying the token in the HttpRequest. If
it fails, no login will be initiated (i.e. you will not be redirected to the
login page).

On Fri, Aug 5, 2016 at 2:15 PM, Deepak Garg <deepakgarg.garg at gmail.com>
wrote:

> I have created a REST API in node js and used the keycloak-connect npm package.
> I have mapped the nodejs middleware with the keycloak middleware and just put
> the keycloak.protect() method inside the API method.
>
> When the user is not logged in, it shows a login screen and asks for
> credentials. After login, it shows the result. But I don't want to show a
> login screen if the user is not already logged in. Instead of that, I want to
> pass the token and get access based upon that token.
>
> Do I need to do anything in the API code so that it will accept the user
> token?
>
> I would like to use this API through a user interface and set the access type to
> bearer for this service in the keycloak admin.
>
> see the example:
>
>     var express = require('express');
>     var apiRoutes = express.Router();
>     var User = require('../models/user');
>     var jwt = require('jsonwebtoken');
>     var faker = require('faker');
>     var session = require('express-session');
>     var Keycloak = require('keycloak-connect');
>     var hogan = require('hogan-express');
>
>     // 'app' was used but never created in the snippet as posted.
>     var app = express();
>     // The session secret was read below but never set; assumed to come from the environment.
>     app.set('superSecret', process.env.SESSION_SECRET);
>
>     // Session store shared between express-session and the Keycloak adapter.
>     var memoryStore = new session.MemoryStore();
>
>     var keycloak = new Keycloak({store: memoryStore});
>
>     app.use(session({
>         secret: app.get('superSecret'),
>         resave: false,
>         saveUninitialized: true,
>         store: memoryStore
>     }));
>
>     app.use(keycloak.middleware({
>         logout: '/logout',
>         admin: '/'
>     }));
>
>     // keycloak.protect() with no role argument only requires an authenticated user.
>     app.get('/api/user', keycloak.protect(), function (req, res) {
>         res.json({
>             name: faker.name.findName(),
>             email: faker.internet.email(),
>             address: faker.address.streetAddress(),
>             bio: faker.lorem.sentence(),
>             image: faker.image.avatar()
>         });
>     });
>
>
> Keycloak.json:
>
>
> {
>   "realm" : "nodejs-example",
>   "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD
> CBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1
> tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfP
> LPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>   "auth-server-url" : "http://xxxx:9090/auth",
>   "ssl-required" : "external",
>   "resource" : "nodejs-connect",
>   "public-client" : true
> }
>
> Thanks,
> Deepak
>
>
> On Fri, Aug 5, 2016 at 1:07 PM, Shiva Saxena <shivasaxena999 at gmail.com>
> wrote:
>
>> Hi,
>>
>> Do you mean how do you set the bearer token when calling the REST
>> endpoint from the browser?
>>
>> On Fri, Aug 5, 2016 at 1:02 PM, Deepak Garg <deepakgarg.garg at gmail.com>
>> wrote:
>>
>>> Hi Shiva,
>>>
>>> Thanks for the reply. I have already gone through this article.
>>>
>>> I am specifically looking for how to set the access type to bearer when
>>> using the API from another application and pass on the token. How do I pass the
>>> authentication token to the API, and how would keycloak determine the same?
>>>
>>> Also, I may need to change the keycloak.json as well based upon the access
>>> type.
>>>
>>> Please suggest an example based upon the above requirement.
>>>
>>> Thanks,
>>> Deepak
>>>
>>> On Fri, Aug 5, 2016 at 12:24 PM, Shiva Saxena <shivasaxena999 at gmail.com>
>>> wrote:
>>>
>>>> Hi Deepak,
>>>>
>>>> You can check this example on github
>>>> https://github.com/keycloak/keycloak-nodejs-connect
>>>>
>>>> In the admin console you will need to add a new application. It can be
>>>> public or bearer, depending on whether your API will be called directly
>>>> and request authentication, or whether it will be called inside a
>>>> pre-authenticated app and just be passed the token previously obtained.
>>>>
>>>> On Fri, Aug 5, 2016 at 9:59 AM, Deepak Garg <deepakgarg.garg at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have created a nodeJS REST API application. I want to secure my
>>>>> nodeJS API layer using keycloak.
>>>>>
>>>>> Please suggest how I can achieve the same.
>>>>>
>>>>> What configuration do I need to do in the admin keycloak console? Like
>>>>> under client->access type, should it be public or bearer only?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Deepak
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>


-- 
Best Regards
*Shiva Saxena*
*Blog <http://metalop.com/> | Linkedin
<http://in.linkedin.com/in/shivasaxena/> | StackOverflow
<http://stackoverflow.com/users/2490343/shiva>*