{"id":26515493,"url":"https://github.com/brakmic/purescript-passport-keycloak-strategy","last_synced_at":"2026-05-06T22:33:40.524Z","repository":{"id":275828009,"uuid":"923495315","full_name":"brakmic/purescript-passport-keycloak-strategy","owner":"brakmic","description":"A PureScript Passport Strategy for authenticating with Keycloak using the OAuth2/OIDC API","archived":false,"fork":false,"pushed_at":"2025-02-13T09:31:17.000Z","size":728,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-02T12:06:35.958Z","etag":null,"topics":["keycloak","oauth2","oidc","pkce","purescript"],"latest_commit_sha":null,"homepage":"https://blog.brakmic.com","language":"PureScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brakmic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-28T10:55:46.000Z","updated_at":"2025-02-13T09:31:21.000Z","dependencies_parsed_at":"2025-02-04T20:22:31.739Z","dependency_job_id":"b8f58166-b15e-4400-b059-30f6bd106df0","html_url":"https://github.com/brakmic/purescript-passport-keycloak-strategy","commit_stats":null,"previous_names":["brakmic/purescript-passport-keycloak-strategy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/brakmic/purescript-passport-keycloak-strategy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brakmic%2Fpurescript-passport-keycloak-strategy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brakmic%2Fpurescript-passport-keycloak-s
trategy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brakmic%2Fpurescript-passport-keycloak-strategy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brakmic%2Fpurescript-passport-keycloak-strategy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brakmic","download_url":"https://codeload.github.com/brakmic/purescript-passport-keycloak-strategy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brakmic%2Fpurescript-passport-keycloak-strategy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32714968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T19:35:05.142Z","status":"ssl_error","status_checked_at":"2026-05-06T19:35:03.996Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keycloak","oauth2","oidc","pkce","purescript"],"created_at":"2025-03-21T06:16:02.227Z","updated_at":"2026-05-06T22:33:40.509Z","avatar_url":"https://github.com/brakmic.png","language":"PureScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# passport-keycloak-strategy\n\nA PureScript Passport Strategy for authenticating with [Keycloak](http://www.keycloak.com/) using the OAuth2/OIDC API.\n\n![passport-keycloak-strategy](./assets/gifs/passport-keycloak-strategy.gif)\n\nThis library 
wraps the [passport-keycloak-oauth2-oidc-portable](https://github.com/brakmic/passport-keycloak-oauth2-oidc-portable) npm package, providing a PureScript interface to its KeycloakStrategy. The underlying strategy is based on [passport-oauth2](http://www.passportjs.org/packages/passport-oauth2/) and supports both public and confidential clients, including full [PKCE](https://tools.ietf.org/html/rfc7636) (Proof Key for Code Exchange) support.\n\n---\n\n## Features\n\n- **PureScript Integration:** Use Keycloak authentication in PureScript applications.\n- **Public \u0026 Confidential Clients:** Supports both client types.\n- **PKCE Support:** Ensures secure OAuth2 flows for public clients.\n- **FFI with Node.js/Express:** Easily integrate with existing Express applications.\n- **Interoperability:** Leverages the [passport-keycloak-oauth2-oidc-portable](https://github.com/brakmic/passport-keycloak-oauth2-oidc-portable) package.\n\n---\n\n## Installation\n\n1. **Clone the Repository:**\n\n   ```bash\n   git clone https://github.com/brakmic/purescript-passport-keycloak-strategy.git\n   cd purescript-passport-keycloak-strategy\n   ```\n\n2. **Install Dependencies:**\n\n   ```bash\n   npm install\n   pnpm install  # if you use pnpm\n   ```\n\n3. 
**Build the Library:**\n\n   ```bash\n   spago install\n   spago build\n   ```\n\n---\n\n## File Structure\n\nThe repository is structured as follows:\n\n```bash\n.\n├── keycloak-demo\n│   ├── keycloak\n│   │   ├── docker-compose.yaml\n│   │   └── test-realm.json\n│   ├── package.json\n│   ├── spago.yaml\n│   ├── src\n│   │   ├── Config.purs\n│   │   ├── Foreign\n│   │   │   ├── Express.js\n│   │   │   └── Express.purs\n│   │   ├── Main.purs\n│   │   ├── Server.js\n│   │   └── Server.purs\n│   ├── static\n│   │   ├── css\n│   │   ├── js\n│   │   └── views\n│   └── test\n│       └── Test\n├── package.json\n├── spago.yaml\n├── src\n│   ├── Foreign\n│   │   └── KeycloakStrategy\n│   └── KeycloakStrategy\n│       ├── EncodableForeign.purs\n│       ├── KeycloakStrategy.purs\n│       └── Types.purs\n├── test\n│   └── Main.purs\n```\n\n- **src/**: Contains the PureScript source code.\n- **keycloak-demo/**: A test/demo client that demonstrates usage of the library.\n- **docker-compose.yaml \u0026 test-realm.json**: Used to run a local Keycloak server for testing.\n\n---\n\n## Usage\n\n### Configuration\n\nConfigure your Keycloak realm and client accordingly. 
For a **public client**, ensure:\n- `Access Type` is set to `public`.\n- No client secret is required.\n- PKCE is enabled.\n\n```haskell\nmakeKeycloakOptions :: ServerConfig -\u003e KeycloakStrategyOptions\nmakeKeycloakOptions config = KeycloakStrategyOptions\n  { ksoRealm: config.realm\n  , ksoAuthServerURL: config.authServerURL\n  , ksoClientID: config.clientId\n  , ksoCallbackURL: config.callbackURL\n  , ksoPublicClient: Just true\n  , ksoClientSecret: Nothing\n  , ksoAuthorizationURL: Nothing\n  , ksoTokenURL: Nothing\n  , ksoSslRequired: Just \"none\"\n  , ksoScope: Just \"openid profile email\"\n  , ksoCustomHeaders: Nothing\n  , ksoScopeSeparator: Just \" \"\n  , ksoSessionKey: Nothing\n  , ksoStore: Nothing\n  , ksoState: Just true\n  , ksoSkipUserProfile: Just false\n  , ksoPkce: Just true\n  , ksoProxy: Nothing\n  }\n```\n\nFor a **confidential client**, ensure:\n- `Access Type` is set to `confidential`.\n- A client secret is provided.\n\n### Running the Demo\n\n1. **Environment Setup:**  \n   Create a `.env` file (using `.env.example` as a template) with the following settings:\n\n   ```ini\n   # Keycloak Demo Port\n   PORT=3002\n   # Keycloak Configuration\n   KEYCLOAK_AUTH_SERVER_URL=http://keycloak:8080\n   KEYCLOAK_REALM=TestRealm\n   KEYCLOAK_CLIENT_ID=test-client\n   KEYCLOAK_CALLBACK_URL=http://localhost:3002/auth/keycloak/callback\n   # Development only\n   NODE_TLS_REJECT_UNAUTHORIZED=0\n   # CORS\n   COOKIE_ORIGIN=http://localhost:3002\n   # Session\n   SESSION_DOMAIN=localhost\n   SESSION_SECRET=a_very_secret_string\n   ```\n\n2. **Start Keycloak:**  \n   From the repository root, run:\n\n   ```bash\n   cd keycloak-demo/keycloak\n   docker compose up -d\n   cd ../..\n   ```\n\n3. **Initial Build (Keycloak Strategy):**  \n   \n   ```bash\n   spago install\n   npm install\n   spago build\n   ```\n4. **Initial Build (Keycloak Demo):**  \n   \n   ```bash\n   cd keycloak-demo\n   spago install\n   npm install\n   spago build\n   ```\n\n5. 
**Copy Environment Files:**\n\n    ```bash\n    npm run copy-env\n    ```\n\n6. **Run the Demo:**  \n   The demo rebuilds everything and starts the server.\n\n   ```bash\n   spago run\n   ```\n\n   You should see output like:\n\n   ```bash\n   Server running on http://localhost:3002\n   Visit http://localhost:3002/auth/keycloak-init to start authentication\n   ```\n\n7. **Test Authentication:**  \n   Open [http://localhost:3002/auth/keycloak-init](http://localhost:3002/auth/keycloak-init) in your browser. Log in with the credentials (e.g., \"test-user\" / \"password\"). After authentication, you'll be redirected to the profile page.\n   \n   ![keycloak-demo-profile-page](./assets/pngs/keycloak-demo-profile-page.png)\n   \n   Use the provided logout button to end the session.\n\n---\n\n## Development\n\n- **Building the Library:**\n\n  ```bash\n  spago build\n  ```\n\n- **Running Tests / Demo:**\n\n  ```bash\n  spago run\n  ```\n\n- **Keycloak for local testing:**  \n  Use the provided `docker-compose.yaml` and `test-realm.json` (located in `keycloak-demo/keycloak`) to spin up a local Keycloak server:\n\n  ```bash\n  docker compose up -d\n  open http://localhost:8080\n  # Log in with user \"admin\" and password \"admin\"\n  ```\n\n- **Environment updates:**  \n  If you update `.env`, run:\n\n  ```bash\n  npm run copy-env\n  ```\n\n---\n\n## License\n\n[MIT](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrakmic%2Fpurescript-passport-keycloak-strategy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrakmic%2Fpurescript-passport-keycloak-strategy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrakmic%2Fpurescript-passport-keycloak-strategy/lists"}