[keycloak-user] Secure NodeJS API using keycloak - how to authenticate using bearer access type

Sebastien Blanc sblanc at redhat.com
Mon Aug 8 03:24:57 EDT 2016


Well, in the latest keycloak.json you pasted, a " is missing on the line:

"resource": nodejs-connect",



On Mon, Aug 8, 2016 at 9:13 AM, Deepak Garg <deepakgarg.garg at gmail.com>
wrote:

> Hi Sebi,
>
> I did the same thing and defined a new client/resource called
> "nodejs-connect" and set the access type to "bearer-only".
>
>
> But when I run my node server, it throws an error:
> "SyntaxError: *Unexpected token u*
>     at Object.parse (native)
>     at Config.loadConfiguration (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\node_modules\keycloak-auth-utils\lib\config.js:53:23)
>     at new Config (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\node_modules\keycloak-auth-utils\lib\config.js:40:10)
>     at new Keycloak (D:\Sample Projects\NodePrototypes\NodeSample\node_modules\keycloak-connect\index.js:61:17)"
>
> Can you look into the keycloak.json file below and check whether what I
> have specified is correct?
>
> *Keycloak.json*
>
> {
>   "realm": "nodejs-example",
>   "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtvV0qb8+
> A0pxKoRpToHhc6srY4PyoX/pwgmR7HyV0PeUw/DgyyCI1Wmvw3T15kWw7Q84gX8IL0wD
> NtfmbhMPmz5umVeul3LzacjU9qfDqG96Wirn7+5Je1VieH5wRX3mtyQ2TboRVpjFD0fw
> d063FYOtCynfDSS0Uo6YgjWs8QwIDAQAB",
>  * "bearer-only": true,*
>   "auth-server-url": "http://localhost:9090/auth",
>   "ssl-required": "none",
>   "resource": nodejs-connect",
>    "enable-cors" : true,
>    "credentials": {
>     "secret": "6b620304-b4a9-4007-8701-d3abb3537598"
>   }
>  }
>
>
> Thanks,
> Deepak
>
> On Mon, Aug 8, 2016 at 12:34 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> Hi,
>>
>> Is your NodeJS app just a REST backend without any frontend? In this
>> case you should put "bearer-only: true" and then it is the responsibility
>> of your frontend or any other service to pass the token to your REST
>> service.
>>
>> Sebi
>>
>>
>> On Mon, Aug 8, 2016 at 7:03 AM, Deepak Garg <deepakgarg.garg at gmail.com>
>> wrote:
>>
>>> I have created a REST API in Node.js and used the keycloak-connect npm
>>> package.
>>> I have mapped the Node.js middleware with the keycloak middleware and just
>>> put the keycloak.Protect() method inside the API method.
>>>
>>> When the user is not logged in, it shows a login screen and asks for
>>> credentials. After login, it shows the result. But I don't want to show a
>>> login screen if the user is not already logged in. Instead of that, I want
>>> to pass the token and get access based upon that token.
>>>
>>> Do I need to do anything in the API code so that it will accept the user
>>> token?
>>>
>>> I would like to use this API through a user interface and set the access
>>> type to bearer for this service in the keycloak admin.
>>>
>>> See the example:
>>>
>>>     var express = require('express');
>>>     var apiRoutes = express.Router();
>>>     var User = require('../models/user');
>>>     var jwt = require('jsonwebtoken');
>>>     var faker = require('faker');
>>>     var session = require('express-session');
>>>     var Keycloak = require('keycloak-connect');
>>>     var hogan = require('hogan-express');
>>>
>>>     // `app` (the Express application, with 'superSecret' set) is created
>>>     // elsewhere and is not shown in this excerpt.
>>>
>>>     // Session store shared by express-session and keycloak-connect
>>>     var memoryStore = new session.MemoryStore();
>>>
>>>     var keycloak = new Keycloak({store: memoryStore});
>>>
>>>     app.use(session({
>>>         secret: app.get('superSecret'),
>>>         resave: false,
>>>         saveUninitialized: true,
>>>         store: memoryStore
>>>     }));
>>>
>>>     app.use(keycloak.middleware({
>>>         logout: '/logout',
>>>         admin: '/'
>>>     }));
>>>
>>>     // keycloak.protect() guards this route
>>>     app.get('/api/user', keycloak.protect(), function (req, res) {
>>>         res.json({
>>>             name: faker.name.findName(),
>>>             email: faker.internet.email(),
>>>             address: faker.address.streetAddress(),
>>>             bio: faker.lorem.sentence(),
>>>             image: faker.image.avatar()
>>>         });
>>>     });
>>>
>>>
>>> Keycloak.json:
>>>
>>>
>>> {
>>>   "realm" : "nodejs-example",
>>>   "realm-public-key" :
>>> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0x
>>> tL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/
>>> UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/
>>> p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>>>   "auth-server-url" : "http://xxxx:9090/auth",
>>>   "ssl-required" : "external",
>>>   "resource" : "nodejs-connect",
>>>   "public-client" : true
>>> }
>>>
>>> Thanks,
>>> Deepak
>>>
>
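
Added example (not part of the original thread and not Keycloak project code): a startup check that parses keycloak.json before the adapter loads it, reports the line holding a malformed entry such as the unquoted "resource" value above, and flags "ssl-required": "none" and a plain-http "auth-server-url". The names findBadLines and checkAdapterConfig, the choice of required keys and the sample file are assumptions made for this illustration.

```javascript
// Locate lines that are not valid `"key": value` pairs. Heuristic: assumes one
// pair per line, the usual layout of a keycloak.json file.
function findBadLines(text) {
  const bad = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim().replace(/,$/, '');
    // Skip blanks, lone braces/brackets, and lines that open a nested value.
    if (line === '' || /^[{}\]]+$/.test(line) || /[{\[]$/.test(line)) return;
    try { JSON.parse('{' + line + '}'); } catch (e) { bad.push(`line ${i + 1}: ${raw.trim()}`); }
  });
  return bad;
}

// Assumption: the service is a REST backend that only accepts bearer tokens.
function checkAdapterConfig(text) {
  const errors = [], warnings = [];
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (e) {
    const bad = findBadLines(text);
    return { ok: false, errors: bad.length ? bad : [e.message], warnings };
  }
  for (const key of ['realm', 'auth-server-url', 'resource']) {
    if (typeof cfg[key] !== 'string' || cfg[key] === '') errors.push(`missing "${key}"`);
  }
  if (cfg['bearer-only'] !== true) errors.push('"bearer-only" is not true');
  if (cfg['ssl-required'] === 'none') warnings.push('"ssl-required" is "none"');
  if (/^http:\/\//.test(cfg['auth-server-url'] || '')) warnings.push('"auth-server-url" is plain http');
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample modelled on the second keycloak.json in the thread;
// key material and the client secret are replaced by a placeholder.
const BROKEN = [
  '{',
  '  "realm": "nodejs-example",',
  '  "bearer-only": true,',
  '  "auth-server-url": "http://localhost:9090/auth",',
  '  "ssl-required": "none",',
  '  "resource": nodejs-connect",',
  '  "credentials": { "secret": "PLACEHOLDER" }',
  '}'
].join('\n');
const FIXED = BROKEN.replace('nodejs-connect"', '"nodejs-connect"');

console.log(checkAdapterConfig(BROKEN));
console.log(checkAdapterConfig(FIXED));
```

Running this against the real file before `new Keycloak(...)` turns the adapter's bare SyntaxError into a message that names the offending line.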