Skip to content
/ oa-keycloak-passport Public
forked from exlinc/keycloak-passport

Production-ready multi-realm implementation of a Keycloak Passport Strategy

exlskills.com/learn

License

Apache-2.0 license
0 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wiley/oa-keycloak-passport

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
configuration.js
configuration.js
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Keycloak Passport Strategy - oAuth2/OIDC

This library offers a production-ready and maintained Keycloak Passport connector that offers the following key features:

  • Use multiple realms in the same application (multi-tenancy)

  • Use with oAuth2/Open ID Connect 'clients' in keycloak

  • Fetch users' data from keycloak automatically via the JSON API

Listed Keycloak Extension

Check it out on keycloak.org

Why? Hasn't this already been done?

To a certain extent, yes. There are about 3 to 4 repos that brand themselves as 'Keycloak Passport', yet not a single one of them is actively maintained and most of them are either completely empty, don't allow using multiple realms, only implement part of the protocol, and/or don't fetch the user's data from Keycloak. There also exists a dedicated NodeJS connector by the Keycloak project itself, however, it is unusable if you are seeking to have Keycloak as 'yet another' passport strategy in your app. This project fills that gap.

Usage

Install

npm install @exlinc/keycloak-passport

Import

import KeycloakStrategy from "@exlinc/keycloak-passport";

Initialize

// Register the strategy with passport
passport.use(
  "keycloak",
  new KeycloakStrategy(
    {
      host: process.env.KEYCLOAK_HOST,
      realm: process.env.KEYCLOAK_REALM,
      clientID: process.env.KEYCLOAK_CLIENT_ID,
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
      callbackURL: `/api${AUTH_KEYCLOAK_CALLBACK}`
    },
    (accessToken, refreshToken, profile, done) => {
      // This is called after a successful authentication has been completed
      // Here's a sample of what you can then do, i.e., write the user to your DB
      User.findOrCreate({ email: profile.email }, (err, user) => {
        assert.ifError(err);
        user.keycloakId = profile.keycloakId;
        user.imageUrl = profile.avatar;
        user.name = profile.name;
        user.save((err, savedUser) => done(err, savedUser));
      });
    }
  )
);

Routes

router.get(
  routes.AUTH_KEYCLOAK,
  passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS)
);
router.get(
  routes.AUTH_KEYCLOAK_CALLBACK,
  passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS),
  AuthController.keyCloakSuccess
);

Compatability with next-auth

There are some known issues with using this passportjs strategy with the latest versions of next-auth. Follow the discussion here.

Contributing/feedback

All forms of contribution are welcome via Issues and Pull-requests to this repo

About

Production-ready multi-realm implementation of a Keycloak Passport Strategy

exlskills.com/learn

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • JavaScript 100.0%