https://github.com/nmasse-itix/keycloak-nodejs-demo
A demo of the Keycloak NodeJS Adapter
https://github.com/nmasse-itix/keycloak-nodejs-demo
Last synced: about 2 months ago
JSON representation
A demo of the Keycloak NodeJS Adapter
- Host: GitHub
- URL: https://github.com/nmasse-itix/keycloak-nodejs-demo
- Owner: nmasse-itix
- Created: 2021-03-22T16:08:53.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-22T16:09:07.000Z (about 4 years ago)
- Last Synced: 2025-02-12T11:16:28.573Z (4 months ago)
- Language: JavaScript
- Size: 17.6 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Keycloak NodeJS Adapter demo
## Setup
```sh
git clone https://github.com/nmasse-itix/keycloak-nodejs-demo.git
cd keycloak-nodejs-demo
npm install
```
## Demo scenario
Install Red Hat SSO.
Create a Realm named Red Hat.
Start the Petstore Server.
```sh
node index.js
```
Show some REST requests.
```sh
http http://localhost:8080/pets/
http http://localhost:8080/pets/1
```
Create a client named "nodejs-client", **Bearer Only**.
Download **keycloak.json** from the **Installation** tab (select **Keycloak OIDC JSON** from the dropdown list).
Uncomment all lines in index.js and restart the Petstore server.
Show that the Petstore server now requires authentication.
```sh
http http://localhost:8080/pets/
```
Create a **confidential** client named "rest-client", with only the **Direct Access Grants** flow enabled.
Create a user **john** with password **secret**.
Request a token for john.
```sh
curl https://$SSO_HOSTNAME/auth/realms/redhat/protocol/openid-connect/token -XPOST -d client_id=rest-client -d client_secret=$CLIENT_SECRET -d grant_type=password -d username=john -d password=secret
```
Save it for later.
```sh
TOKEN=$(curl https://$SSO_HOSTNAME/auth/realms/redhat/protocol/openid-connect/token -XPOST -d client_id=rest-client -d client_secret=$CLIENT_SECRET -d grant_type=password -d username=john -d password=secret -s |jq -r .access_token)
```
Call one of the REST endpoints.
```sh
http http://localhost:8080/pets/ "Authorization:Bearer $TOKEN"
```
Now edit index.js and update all REST endpoint to check for user roles, either **read** or **write**. Like this:
```js
router.get("/pets/:id", keycloak.protect("read"), function(req,res){
```
Restart the petstore server and get a new token.
Show that now, calls are rejected.
```sh
http http://localhost:8080/pets/ "Authorization:Bearer $TOKEN"
```
Give the **read** role to john, get a new token and show that you can query the Read REST endpoints.
```sh
http http://localhost:8080/pets/ "Authorization:Bearer $TOKEN"
```
Write calls a forbidden.
```sh
http DELETE http://localhost:8080/pets/1 "Authorization:Bearer $TOKEN"
```
Give the **write** role to john, get a new token and show that you can query the Write REST endpoints.