ferrerojosh / nest-keycloak-connect

Licence: MIT license
keycloak-nodejs-connect module for Nest

Nest Keycloak Connect

An adapter for keycloak-nodejs-connect.

Features

Installation

Yarn

yarn add nest-keycloak-connect keycloak-connect

NPM

npm install nest-keycloak-connect keycloak-connect --save

Getting Started

Module registration

Registering the module:

KeycloakConnectModule.register({
  authServerUrl: 'http://localhost:8080/auth',
  realm: 'master',
  clientId: 'my-nestjs-app',
  secret: 'secret',   
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE, // optional
  tokenValidation: TokenValidation.ONLINE, // optional
})

Async registration is also available:

KeycloakConnectModule.registerAsync({
  useExisting: KeycloakConfigService,
  imports: [ConfigModule]
})

KeycloakConfigService

import { Injectable } from '@nestjs/common';
import { KeycloakConnectOptions, KeycloakConnectOptionsFactory, PolicyEnforcementMode, TokenValidation } from 'nest-keycloak-connect';

@Injectable()
export class KeycloakConfigService implements KeycloakConnectOptionsFactory {

  createKeycloakConnectOptions(): KeycloakConnectOptions {
    return {
      authServerUrl: 'http://localhost:8080/auth',
      realm: 'master',
      clientId: 'my-nestjs-app',
      secret: 'secret',
      policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
      tokenValidation: TokenValidation.ONLINE,
    };
  } 
}

You can also register by just providing the keycloak.json path and an optional module configuration:

KeycloakConnectModule.register(`./keycloak.json`, {
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
  tokenValidation: TokenValidation.ONLINE,
})

Guards

Register any of the guards either globally, or scoped in your controller.

Global registration using APP_GUARD token

NOTE: The guards run in the order they are listed; see https://docs.nestjs.com/guards#binding-guards for more information.

providers: [
  {
    provide: APP_GUARD,     
    useClass: AuthGuard,
  },
  {
    provide: APP_GUARD,
    useClass: ResourceGuard,
  },
  {
    provide: APP_GUARD,
    useClass: RoleGuard,
  },
]

Scoped registration

@Controller('cats')
@UseGuards(AuthGuard, ResourceGuard)
export class CatsController {}

What do these providers do?

AuthGuard

Adds an authentication guard. You can also scope it if you like (using the regular @UseGuards(AuthGuard) in your controllers). By default, it throws a 401 Unauthorized when it is unable to verify the JWT token or when the Bearer header is missing.

ResourceGuard

Adds a resource guard, which is permissive by default (this can be configured, see the options below). Only controllers annotated with @Resource and methods annotated with @Scopes are handled by this guard.

NOTE: This guard is not necessary if you are using role-based authorization exclusively. You can use role guard exclusively for that.

RoleGuard

Adds a role guard. It can be used in conjunction with the resource guard only when the enforcement policy is PERMISSIVE, unless you use the role guard exclusively. Permissive by default. It is used by controller methods annotated with @Roles (matching can be configured).

Configuring controllers

In your controllers, simply do:

import { Resource, Roles, Scopes, Public, RoleMatchingMode } from 'nest-keycloak-connect';
import { Body, Controller, Get, Delete, Put, Post, Param } from '@nestjs/common';
import { Product } from './product';
import { ProductService } from './product.service';

@Controller()
@Resource(Product.name)
export class ProductController {
  constructor(private service: ProductService) {}

  @Get()
  @Public()
  async findAll() {
    return await this.service.findAll();
  }

  @Get()
  @Roles({ roles: ['admin', 'other'] })
  async findAllBarcodes() {
    return await this.service.findAllBarcodes();
  }

  @Get(':code')
  @Scopes('View')
  async findByCode(@Param('code') code: string) {
    return await this.service.findByCode(code);
  }

  @Post()
  @Scopes('Create')
  async create(@Body() product: Product) {
    return await this.service.create(product);
  }

  @Delete(':code')
  @Scopes('Delete')
  @Roles({ roles: ['admin', 'realm:sysadmin'], mode: RoleMatchingMode.ALL })
  async deleteByCode(@Param('code') code: string) {
    return await this.service.deleteByCode(code);
  }

  @Put(':code')
  @Scopes('Edit')
  async update(@Param('code') code: string, @Body() product: Product) {
    return await this.service.update(code, product);
  }
}

Decorators

Here are the decorators you can use in your controllers.

| Decorator | Description |
| --- | --- |
| @AuthenticatedUser | Retrieves the current Keycloak logged-in user. (must be per method, unless controller is request scoped.) |
| @EnforcerOptions | Keycloak enforcer options. |
| @Public | Allow any user to use the route. |
| @Resource | Keycloak application resource name. |
| @Scopes | Keycloak application scope name. |
| @Roles | Keycloak realm/application roles. |

Multi tenant configuration

Multi-tenant support is enabled through the multiTenant option in your configuration:

{
  authServerUrl: 'http://localhost:8180/auth',
  clientId: 'nest-api',
  secret: 'fallback', // will be used as fallback when resolver returns null
  multiTenant: {
    realmResolver: (request) => {
      return request.get('host').split('.')[0];
    },
    realmSecretResolver: (realm) => {
      const secrets = { master: 'secret', slave: 'password' };
      return secrets[realm];
    }
  }
}
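
The resolvers above take the realm from the client-supplied Host header and index a plain object with it, so any first label is accepted as a realm and a key such as constructor resolves to an inherited member rather than a secret. The following is an added example, not code from nest-keycloak-connect, showing an allowlist-based pair of resolvers; HostRequest, BASE_DOMAIN, UnknownRealmError and all secrets are assumptions or constructed values.

```typescript
// Added example, not nest-keycloak-connect code. Realm names, secrets and
// BASE_DOMAIN are constructed sample values.
interface HostRequest {
  get(name: string): string | undefined; // same shape as Express req.get()
}

const BASE_DOMAIN = 'api.example.test'; // assumed parent domain of all tenants

// Allowlist of realms. A Map has no inherited keys, so lookups such as
// 'constructor' or '__proto__' cannot hit Object.prototype members.
const REALM_SECRETS: ReadonlyMap<string, string> = new Map([
  ['master', 'constructed-secret-1'],
  ['slave', 'constructed-secret-2'],
]);

class UnknownRealmError extends Error {}

// The lookup pattern from the configuration above, kept only for comparison.
function naiveSecretLookup(realm: string): unknown {
  const secrets: Record<string, string> = { master: 'secret', slave: 'password' };
  return secrets[realm];
}

// Hardened realmResolver: the Host header is client-supplied, so accept it
// only when it is exactly <allowlisted realm>.<BASE_DOMAIN>[:port].
function resolveRealm(request: HostRequest): string {
  const host = (request.get('host') ?? '').trim().toLowerCase();
  const hostname = host.replace(/:\d{1,5}$/, '');
  const suffix = `.${BASE_DOMAIN}`;
  if (!hostname.endsWith(suffix)) {
    throw new UnknownRealmError('host is outside the tenant domain');
  }
  const realm = hostname.slice(0, -suffix.length);
  if (!REALM_SECRETS.has(realm)) {
    throw new UnknownRealmError('realm is not on the allowlist');
  }
  return realm;
}

// Hardened realmSecretResolver: returns a configured secret or throws.
function resolveRealmSecret(realm: string): string {
  const secret = REALM_SECRETS.get(realm);
  if (secret === undefined) {
    throw new UnknownRealmError('no secret configured for realm');
  }
  return secret;
}
```

Pass resolveRealm and resolveRealmSecret as realmResolver and realmSecretResolver. How the module handles an exception thrown by a resolver is not covered on this page, so confirm that an unknown host ends in a rejected request.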

Configuration options

Keycloak Options

For Keycloak options, refer to the official keycloak-connect library.

Nest Keycloak Options

| Option | Description | Required | Default |
| --- | --- | --- | --- |
| cookieKey | Cookie Key | no | KEYCLOAK_JWT |
| logLevels | Built-in logger level (deprecated, will be removed in 2.0) | no | log |
| useNestLogger | Use the nest logger (deprecated, will be removed in 2.0) | no | true |
| policyEnforcement | Sets the policy enforcement mode | no | PERMISSIVE |
| tokenValidation | Sets the token validation method | no | ONLINE |
| multiTenant | Sets the options for multi-tenant configuration | no | - |
| roleMerge | Sets the merge mode for @Roles decorator | no | OVERRIDE |

Multi Tenant Options

| Option | Description | Required | Default |
| --- | --- | --- | --- |
| resolveAlways | Option to always resolve the realm and secret. Disabled by default. | no | false |
| realmResolver | A function that receives the request (from the respective platform, i.e. Express or Fastify) and returns a string | yes | - |
| realmSecretResolver | A function that receives the realm string and returns the secret string | yes | - |

Example app

An example application is provided in the source code with both Keycloak Realm and Postman requests for you to experiment with.
