Authentication with keycloak #3186
Hi @subhashnew, the easiest way is to use passport.js with a Keycloak provider. The docs describe the steps required to integrate social auth into Blitz.js. I checked my prototypes: I used a local provider (not sure why or where I copied it from :D), but you can also use an existing provider. Anyway, here are the code snippets to get started.
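/**
 * Module dependencies.
 */
const Strategy = require("./strategy");

/**
 * Expose `Strategy` directly from package, so `require(...)` yields the
 * class itself.
 */
exports = module.exports = Strategy;

/**
 * Export constructors.
 * The class is attached as a named property too, so both
 * `const Strategy = require("...")` and
 * `const { Strategy } = require("...")` (or `import { Strategy }`) work.
 */
exports.Strategy = Strategy;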
const util = require("util")
const OAuth2Strategy = require("passport-oauth2")
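class Strategy extends OAuth2Strategy {
  /**
   * Passport strategy for logging in against a Keycloak realm over
   * OAuth2 / OpenID Connect.
   *
   * `options` is handed to passport-oauth2 unchanged (it validates
   * `authorizationURL`, `tokenURL` and `clientID` itself). On top of that this
   * strategy needs `userInfoURL`, which `userProfile()` calls, and copies
   * `realm` into the returned profile.
   *
   * @param {object} options - passport-oauth2 options plus `userInfoURL` and `realm`
   * @param {Function} verify - passport verify callback
   * @throws {TypeError} when `userInfoURL` is missing
   */
  constructor(options, verify) {
    // `super` runs the OAuth2Strategy constructor exactly once. The earlier
    // version additionally invoked it via
    // `Object.getPrototypeOf(Strategy.prototype).constructor.call(this, ...)`,
    // a leftover of the util.inherits pattern that re-ran the whole parent
    // setup a second time.
    super(options, verify);
    if (!options.userInfoURL) {
      throw new TypeError("Keycloak Strategy requires a userInfoURL option");
    }
    this.options = options;
    this.name = "keycloak";
  }

  /**
   * Fetch the Keycloak userinfo document for `accessToken` and map it onto
   * the profile shape consumed by the verify callback.
   *
   * @param {string} accessToken - bearer token obtained from the token endpoint
   * @param {Function} done - `(err, profile)` callback; invoked exactly once
   */
  userProfile(accessToken, done) {
    // The OAuth2 client sends the token as a query parameter by default;
    // Keycloak's userinfo endpoint expects it in the Authorization header.
    this._oauth2._useAuthorizationHeaderForGET = true;
    this._oauth2.get(this.options.userInfoURL, accessToken, (err, body) => {
      if (err) {
        return done(err);
      }
      // Only the parse is guarded: with `done` inside the `try`, an exception
      // thrown by the verify chain would have called `done` a second time.
      let json;
      try {
        json = JSON.parse(body);
      } catch (e) {
        return done(e);
      }
      const userInfo = {
        keycloakId: json.sub,
        fullName: json.name,
        firstName: json.given_name,
        lastName: json.family_name,
        username: json.preferred_username,
        email: json.email,
        // NOTE(review): `avatar` is not a standard OIDC claim (`picture` is);
        // confirm the realm actually emits it, otherwise this stays undefined.
        avatar: json.avatar,
        realm: this.options.realm,
      };
      done(null, userInfo);
    });
  }
}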
// util.inherits is not needed: `class Strategy extends OAuth2Strategy` already
// sets up the prototype chain, so the legacy call below stays disabled.
//util.inherits(Strategy, OAuth2Strategy);
// The class is the module's default export; index.js re-exports it and also
// attaches it as the named `Strategy` property.
module.exports = Strategy
import { passportAuth } from "blitz"
import { Strategy as KeycloakStrategy } from "../../../packages/passportjs/keycloak"
import db from "db"
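/**
 * Blitz auth API route that wires the Keycloak strategy into `passportAuth`.
 *
 * Endpoint, realm and site URL come from the environment. The client id and
 * secret below are placeholders: a public client was used, so the secret is
 * not checked by the server. With a confidential client, read the secret from
 * the environment rather than committing it.
 */
export default passportAuth(({ ctx, req, res }) => ({
  successRedirectUrl: "/",
  errorRedirectUrl: "/",
  strategies: [
    {
      strategy: new KeycloakStrategy(
        {
          host: process.env.KEYCLOAK_ENDPOINT,
          realm: process.env.KEYCLOAK_REALM,
          clientID: "keycloak_clientname", // i have used a public client, which redirects to our company sso service
          clientSecret: "just_a_dummy_secret",
          callbackURL: `${process.env.SITE_URL}/api/auth/keycloak/callback`,
          // NOTE: the `/auth` prefix is the path layout of the legacy Keycloak
          // distribution; newer releases serve `/realms/...` directly — confirm
          // against your server version.
          authorizationURL: `${process.env.KEYCLOAK_ENDPOINT}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/auth`,
          tokenURL: `${process.env.KEYCLOAK_ENDPOINT}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
          userInfoURL: `${process.env.KEYCLOAK_ENDPOINT}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/userinfo`,
          // `openid` turns this into an OIDC login (newer Keycloak releases
          // refuse userinfo requests without it); `profile` and `email` request
          // the claims that userProfile() maps into the profile.
          scope: ["openid", "profile", "email"],
          // PKCE binds the authorization code to this login attempt and the
          // state parameter ties the callback to the session that started it.
          pkce: true,
          state: true,
        },
        async (_accessToken, _refreshToken, profile, done) => {
          // Without an email the upsert would run with `where: { email: undefined }`;
          // fail the login explicitly instead of relying on that.
          if (!profile.email) {
            return done(new Error("Keycloak profile did not include an email"));
          }
          let user;
          try {
            const now = new Date();
            user = await db.user.upsert({
              where: { email: profile.email },
              create: { email: profile.email, lastLogin: now },
              update: { email: profile.email, lastLogin: now },
            });
          } catch (err) {
            // A rejecting async verify callback would otherwise surface as an
            // unhandled rejection rather than a failed login.
            return done(err);
          }
          const publicData = {
            userId: user.id,
            roles: [user.role],
            source: "keycloak",
          };
          done(undefined, { publicData });
        }
      ),
    },
  ],
}));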
How can I authenticate a Blitz app with Keycloak? Can someone give me a brief explanation?