Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/devsu/condor-jwt-keycloak
Condor middleware to authenticate GRPC calls using Keycloak.
https://github.com/devsu/condor-jwt-keycloak
authentication condor condor-framework grpc keycloak middleware nodejs
Last synced: 3 days ago
JSON representation
Condor middleware to authenticate GRPC calls using Keycloak.
- Host: GitHub
- URL: https://github.com/devsu/condor-jwt-keycloak
- Owner: devsu
- License: mit
- Created: 2017-05-05T02:34:06.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-05-08T01:02:55.000Z (over 7 years ago)
- Last Synced: 2024-09-19T03:11:28.696Z (16 days ago)
- Topics: authentication, condor, condor-framework, grpc, keycloak, middleware, nodejs
- Language: JavaScript
- Homepage:
- Size: 20.5 KB
- Stars: 1
- Watchers: 6
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# condor-jwt-keycloak
This module lets you authenticate GRPC calls using JSON Web Tokens (**JWTs**) created by [Keycloak](http://www.keycloak.org/) in your [Condor](https://github.com/devsu/condor-framework) GRPC services.
[](https://travis-ci.org/devsu/condor-jwt-keycloak)
[](https://coveralls.io/github/devsu/condor-jwt-keycloak?branch=master)
**Condor** is a [GRPC Framework for node](https://github.com/devsu/condor-framework).
## Features
This module extends [condor-jwt](https://github.com/devsu/condor-jwt) and offers additional features for integration with keycloak:
- Handles public key rotation retrieval
- Allows live token validation (using introspection)
- Multi-tenancy support, by allowing multiple realms
## Installation
```bash
npm i --save condor-framework condor-jwt-keycloak
```
## How to use
The JWT middleware decodes and verifies a JsonWebToken passed in the `authorization` header. If the token is valid, `context.token` will be set with the JSON object decoded to be used by later middleware for authorization and access control. (See [condor-authorize](https://github.com/devsu/condor-authorize))
```js
const Condor = require('condor-framework');
const jwt = require('condor-jwt-keycloak');
const Greeter = require('./greeter');
const options = {
'url': 'http://localhost:8080/auth',
'realm': 'master',
};
const app = new Condor()
.addService('./protos/greeter.proto', 'myapp.Greeter', new Greeter())
.use(jwt(options))
// middleware below this line is only reached if JWT token is valid
.use((context, next) => {
console.log('valid token found: ', context.token);
next();
})
.start();
```
## Options
Allows all the options of the [condor-jwt](https://github.com/devsu/condor-jwt) module. And also:
| Option | Description | Default |
|----------------------------|-------------------------------------------------------------------------------------------|---------|
| url | The authorization server URL. E.g. `http://localhost:8080/auth`. Required. | |
| realm | The realm name. E.g. `master`. Required unless `allowAnyRealm` is `true`. | |
| allowAnyRealm | Allow to authenticate against any realm in the authorization server. | false |
| minTimeBetweenJwksRequests | How many *milliseconds* should have elapsed before trying to get JWKs from keycloak again | 10000 |
| introspect | Perform live validation using token introspection. | false |
| clientId | Client ID setup in keycloak. Required when introspect is true. | |
| clientSecret | Client secret (can be found in keycloak, under credentials tab). Required when introspect is true.| |
Additionaly, you can send any option of the [verify](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) method of the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Such options will be used to verify the token.
## License and Credits
MIT License. Copyright 2017
Built by the [GRPC experts](https://devsu.com) at Devsu.