Authentication with keycloak #3186
subhashnew
Hi @subhashnew, the easiest way is to use passportjs with a Keycloak provider. The docs describe the required steps to integrate social auth into blitzjs. I checked my prototypes and I used a local provider (not sure why, or where I copied it from :D), but you can also use an existing provider. Anyway, here are the code snippets to get started: the provider package's index file, the strategy itself, and the Blitz API route that uses it.
/**
 * Package entry point: load the Keycloak strategy class from ./strategy.
 */
const Strategy = require("./strategy")

/**
 * Make the class itself the module export, so `require()` of this package
 * returns the constructor, and keep the local `exports` alias pointing at
 * the same object.
 */
module.exports = Strategy
exports = module.exports

/**
 * Also publish the class as a named property, so both `require(pkg).Strategy`
 * and `import { Strategy } from pkg` resolve to the same constructor.
 */
exports.Strategy = Strategy
const util = require("util")
const OAuth2Strategy = require("passport-oauth2")
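/**
 * Passport strategy for Keycloak, built on the generic OAuth 2.0 strategy.
 *
 * It registers itself under the name "keycloak" and implements `userProfile`
 * by reading the realm's OpenID Connect UserInfo endpoint.
 */
class Strategy extends OAuth2Strategy {
  /**
   * @param {object} options - Forwarded unchanged to OAuth2Strategy. This
   *   class additionally reads `options.userInfoURL` and `options.realm`.
   * @param {Function} verify - Passport verify callback.
   */
  constructor(options, verify) {
    // super() already runs the base initialisation. The earlier version also
    // invoked the base constructor a second time through `.call(this, ...)`,
    // which repeats that work and throws if the base is a native ES class.
    super(options, verify)

    // NOTE(review): the Keycloak-specific options (host, realm, userInfoURL)
    // are not validated here, so a missing value only surfaces at login time.
    this.options = options
    this.name = "keycloak"
  }

  /**
   * Fetch the signed-in user's claims from the UserInfo endpoint.
   *
   * @param {string} accessToken - Access token obtained during the code exchange.
   * @param {Function} done - Node-style callback `(err, userInfo)`.
   */
  userProfile(accessToken, done) {
    // Send the token in the Authorization header instead of a query
    // parameter, so it does not end up in request URLs and access logs.
    this._oauth2._useAuthorizationHeaderForGET = true
    this._oauth2.get(this.options.userInfoURL, accessToken, (err, body) => {
      if (err) {
        return done(err)
      }

      let userInfo
      try {
        const json = JSON.parse(body)
        userInfo = {
          keycloakId: json.sub,
          fullName: json.name,
          firstName: json.given_name,
          lastName: json.family_name,
          username: json.preferred_username,
          email: json.email,
          // Standard OIDC claim; exposed so the verify callback can refuse
          // to match local accounts on an address the IdP has not verified.
          emailVerified: json.email_verified,
          avatar: json.avatar,
          realm: this.options.realm,
        }
      } catch (e) {
        return done(e)
      }

      // Called outside the try block on purpose: an exception thrown by the
      // callback itself must not be caught above and trigger a second done().
      done(null, userInfo)
    })
  }
}

module.exports = Strategy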
import { passportAuth } from "blitz"
import { Strategy as KeycloakStrategy } from "../../../packages/passportjs/keycloak"
import db from "db"
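/**
 * Blitz API route that signs users in through Keycloak.
 *
 * The verify callback upserts a local user keyed on the e-mail address
 * reported by Keycloak and hands Blitz the session `publicData`.
 */
export default passportAuth(({ ctx, req, res }) => {
  // All OpenID Connect endpoints of the realm share this prefix.
  const oidcBase = `${process.env.KEYCLOAK_ENDPOINT}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect`

  return {
    successRedirectUrl: "/",
    errorRedirectUrl: "/",
    strategies: [
      {
        strategy: new KeycloakStrategy(
          {
            host: process.env.KEYCLOAK_ENDPOINT,
            realm: process.env.KEYCLOAK_REALM,
            // Public client that redirects to the company SSO service.
            clientID: "keycloak_clientname",
            // Placeholder only, because the client above is public. If it is
            // ever switched to a confidential client, load the real secret
            // from the environment instead of committing it to source.
            clientSecret: "just_a_dummy_secret",
            callbackURL: `${process.env.SITE_URL}/api/auth/keycloak/callback`,
            authorizationURL: `${oidcBase}/auth`,
            tokenURL: `${oidcBase}/token`,
            userInfoURL: `${oidcBase}/userinfo`,
            // PKCE protects the authorization code on a public client;
            // `state` guards the callback against cross-site request forgery.
            pkce: true,
            state: true,
          },
          async (_accessToken, _refreshToken, profile, done) => {
            let user
            try {
              // Without an address the upsert below has no usable key.
              if (!profile.email) {
                throw new Error("Keycloak profile has no email address")
              }

              // NOTE(review): local accounts are matched on the e-mail the
              // IdP asserts, so the realm must only release verified
              // addresses (OIDC `email_verified`) - confirm realm settings.
              const lastLogin = new Date()
              user = await db.user.upsert({
                where: { email: profile.email },
                create: { email: profile.email, lastLogin },
                update: { lastLogin },
              })
            } catch (err) {
              // Report the failure to passport; an uncaught rejection in this
              // async callback would leave done() uncalled.
              return done(err)
            }

            // Roles come from the local user record, not from the IdP.
            done(undefined, {
              publicData: {
                userId: user.id,
                roles: [user.role],
                source: "keycloak",
              },
            })
          }
        ),
      },
    ],
  }
})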
How can I authenticate a Blitz app with Keycloak? Can someone give me a brief explanation?