{"id":19397000,"url":"https://github.com/dexus/iris-keycloak","last_synced_at":"2026-06-17T19:02:52.633Z","repository":{"id":230542746,"uuid":"779358129","full_name":"Dexus/iris-keycloak","owner":"Dexus","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-01T08:51:27.000Z","size":150,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-07T10:29:30.686Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Dexus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-29T16:45:39.000Z","updated_at":"2024-03-29T16:45:55.000Z","dependencies_parsed_at":"2024-04-04T15:01:55.856Z","dependency_job_id":null,"html_url":"https://github.com/Dexus/iris-keycloak","commit_stats":null,"previous_names":["dexus/iris-keycloak"],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dexus%2Firis-keycloak","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dexus%2Firis-keycloak/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dexus%2Firis-keycloak/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dexus%2Firis-keycloak/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Dexus","download_url":"https://codeload.github.com/Dexus/iris-keycloak/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"
https://github.com","kind":"github","repositories_count":240564594,"owners_count":19821422,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T10:39:01.742Z","updated_at":"2026-06-17T19:02:52.628Z","avatar_url":"https://github.com/Dexus.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Iris-Keycloak\n\n\nIris-Keycloak is specially made for [Iris Framework](https://github.com/kataras/iris)\nusers who also want to use Keycloak.\nThis project was inspired by Zalando's Gin-OAuth and forked from https://github.com/tbaehler/gin-keycloak\n\n\n## Project Context and Features\n\nWhen it comes to choosing a Go framework, there's a lot of confusion\nabout what to use. The scene is very fragmented, and detailed\ncomparisons of different frameworks are still somewhat rare. Meantime,\nhow to handle dependencies and structure projects are big topics in\nthe Go community. We've liked using Gin for its speed,\naccessibility, and usefulness in developing microservice\narchitectures. In creating iris-OAuth2, we wanted to take fuller\nadvantage of Gin's capabilities and help other devs do likewise.\n\nIris-Keycloak is expressive, flexible, and very easy to use. 
It allows you to:\n- do OAuth2 authorization based on the JWT Token\n- create router groups to place Keycloak authorization on top, using HTTP verbs and passing them\n- more easily decouple services by promoting a \"say what to do, not how to do it\" approach\n- configure your REST API directly in the code (see the \"Usage\" example below)\n- write your own authorization functions\n\n## Requirements\n\n- [Iris](https://github.com/kataras/iris)\n- A Keycloak Token provider\n\nIris-Keycloak uses the following [Go](https://golang.org/) packages as\ndependencies:\n\n* [Iris](https://github.com/kataras/iris)\n* [golog](https://github.com/kataras/golog)\n\n## Installation\n\nAssuming you've installed Go and Gin, run this:\n\n    go get github.com/Dexus/iris-keycloak\n\n## Usage\n\n### Change Logging Level\n\n    iriskeycloak.Logger.SetLevel(\"debug\") // default debug\n\n### Authentication-Based Access\n\nWith this function you only check whether the user is authenticated, so there is no need for an AccessTuple, unlike the next two access types.\n\nIris middlewares you use:\n\n    app := iris.New()\n    app.Use(iriskeycloak.RequestLogger([]string{\"uid\"}, \"data\"))\n\n\nA KeycloakConfig. You can either use Url and Realm or define a full path that points to protocol/openid-connect/certs\n\n    var keycloakconfig = iriskeycloak.KeycloakConfig{\n        Url:           \"https://keycloack.domain.ch/\",\n        Realm:         \"Your Realm\",\n        FullCertsPath: nil,\n    }\n\nLastly, define which type of access you grant to the defined\nteam. 
We'll use a router group again:\n\n\n    privateGroup := app.Party(\"/api/privateGroup\")\n    privateGroup.Use(iriskeycloak.Auth(iriskeycloak.AuthCheck(), keycloakconfig))\n    privateGroup.Get(\"/\", func(c iris.Context) {\n    \t....\n    })\n\nOnce again, you can use curl to test:\n\n        curl -H \"Authorization: Bearer $TOKEN\" http://localhost:8081/api/privateGroup/\n        {\"message\":\"Hello from private to Dexus member of teapot\"}\n\n\n### Uid-Based Access\n\nRestrict all access except for a few users:\n\n    config := iriskeycloak.BuilderConfig{\n              \t\tservice:              \u003cyourServicename\u003e,\n              \t\turl:                  \"\u003cyour token url\u003e\",\n              \t\trealm:                \"\u003cyour realm to get the public keys\u003e\",\n              }\n\n    app := iris.New()\n    privateUser := app.Party(\"/api/privateUser\")\n\n    privateUser.Use(iriskeycloak.NewAccessBuilder(config).\n        RestrictButForUid(\"domain\\\\user1\").\n        RestrictButForUid(\"domain\\\\user2\").\n        Build())\n\n    privateUser.Get(\"/\", func(c iris.Context) {\n    \t....\n    })\n\n#### Testing\n\nTo test, you can use curl:\n\n        curl -H \"Authorization: Bearer $TOKEN\" http://localhost:8081/api/privateUser/\n        {\"message\":\"Hello from private for users 1+2\"}\n\n### Role-Based Access\n\nRestrict all access except for the given roles:\n\n\n    config := iriskeycloak.BuilderConfig{\n                  \t\tservice:              \u003cyourServicename\u003e,\n                  \t\turl:                  \"\u003cyour token url\u003e\",\n                  \t\trealm:                \"\u003cyour realm to get the public keys\u003e\",\n                  }\n\n    app := iris.New()\n    privateUser := app.Party(\"/api/privateUser\")\n\n    privateUser.Use(iriskeycloak.NewAccessBuilder(config).\n        RestrictButForRole(\"role1\").\n        RestrictButForRole(\"role2\").\n        Build())\n\n    privateUser.Get(\"/\", func(c 
iris.Context) {\n    \t....\n    })\n\nOnce again, you can use curl to test:\n\n    curl -H \"Authorization: Bearer $TOKEN\" http://localhost:8081/api/privateGroup/\n        {\"message\":\"Hello from private to sszuecs member of teapot\"}\n\n### Realm-Based Access\n\nRealm Based Access is also possible and straightforward:\n\n\n    config := iriskeycloak.BuilderConfig{\n                      \t\tservice:              \u003cyourServicename\u003e,\n                      \t\turl:                  \"\u003cyour token url\u003e\",\n                      \t\trealm:                \"\u003cyour realm to get the public keys\u003e\",\n                      }\n\n    app := iris.New()\n    privateUser := app.Party(\"/api/privateUser\")\n\n    privateUser.Use(iriskeycloak.NewAccessBuilder(config).\n        RestrictButForRealm(\"realmRole\").\n        Build())\n\n    privateUser.Get(\"/\", func(c iris.Context) {\n    \t....\n    })\n\n\n## Custom Claims Mapper\n\nIt is possible to configure a custom claims mapper to add to the `KeyCloakToken` custom claims that are not standard for KeyCloak tokens. 
The custom claims can be added to the provided field `CustomClaims`.\n\nHere is a simple example:\n\n    type MyCustomClaims struct {\n        Tenant string `json:\"https://your-realm/tenant,omitempty\"`\n    }\n\n    func MyCustomClaimsMapper(jsonWebToken *jwt.JSONWebToken, keyCloakToken *iriskeycloak.KeyCloakToken) error {\n        claims := MyCustomClaims{}\n        // Propagate decode errors instead of silently ignoring them.\n        if err := jsonWebToken.UnsafeClaimsWithoutVerification(\u0026claims); err != nil {\n            return err\n        }\n        keyCloakToken.CustomClaims = claims\n        return nil\n    }\n\n    var keycloakconfig = iriskeycloak.KeycloakConfig{\n        Url:                \"https://keycloack.domain.ch/\",\n        Realm:              \"your-realm\",\n        FullCertsPath:      nil,\n        CustomClaimsMapper: MyCustomClaimsMapper,\n    }\n\n## FAQ\n\n#### Which Token Signature Algorithms are currently supported?\nCurrently, only \"EC\" (which Keycloak uses by default) and \"RS\" are supported.\n\n#### How to get the keycloak claims e.g. sub, mail, name?\n\n        irisToken, _ := context.Get(\"token\")\n        token := irisToken.(iriskeycloak.KeyCloakToken)\n\n\n## Contributors\n\nThanks to:\n\n- Zalando Team for their initial work\n- @thaehler for his https://github.com/tbaehler/gin-keycloak\n\n## License\n\nSee MIT-License [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdexus%2Firis-keycloak","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdexus%2Firis-keycloak","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdexus%2Firis-keycloak/lists"}