express-gateway-keycloak

Keycloak plugin for express gateway

Usage no npm install needed!

<script type="module">
  import expressGatewayKeycloak from 'https://cdn.skypack.dev/express-gateway-keycloak';
</script>

README

Keycloak plugins for Express-gateway: express-gateway-plugin-keycloak

Dependency Status

This project is a plugin to integrate Keycloak NodeJS Adapter in Express-Gateway

Usage

Common

You want to apply the same authentication strategy for your apigateway instance (ex: microprofile architecture)

  • add to system.config.yml
express-gateway-keycloak:
package: express-gateway-keycloak
keycloakConfig:
    realm: "..."
    auth-server-url: "..."
    ssl-required: none
    bearer-only: false
    client-id: "..."
    confidential-port: 0
    realmPublicKey: "..."
  • add to gateway.config.yml
policies:
  - keycloak-protect
...
  marketplace-api:
    apiEndpoints:
      - api
    policies:
      - keycloak-protect:

Multiple authentication profiles

You want to apply different authentication strategies depending endpoints (ex: monolithic architecture)

  • add to system.config.yml
  express-gateway-keycloak-api:
    package: express-gateway-keycloak
    # Provide unique policy id
    registerName: keycloak-protect-api
    # Define paths impacted by this keycloak configuration
    paths: 
      - /myapi/v1/
    # Keycloak configuration for this profile  
    keycloakConfig: 
      realm: "..."
      auth-server-url: "..."
      ssl-required: none
      bearer-only: true
      public-client: false
      confidential-port: 0
      client-id: "..."
      secret: "..."
      realmPublicKey: "..."

  express-gateway-keycloak-admin:
    package: express-gateway-keycloak
    # Provide unique policy id
    registerName: keycloak-protect-admin
    # Define paths impacted by this keycloak configuration
    paths: 
      - /admin
    keycloakConfig:
      realm: "..."
      auth-server-url: "..."
      ssl-required: none
      bearer-only: false
      public-client: true
      client-id: "..."
      confidential-port: 0
      realmPublicKey: "..."

  • add to gateway.config.yml
policies:
  - keycloak-protect-api
  - keycloak-protect-admin
pipelines:
  marketplace-api:
    apiEndpoints:
      - api
    policies:
      - keycloak-protect-api:
      - expression:
        - action:
            jscode: 'req.headers["X-Auth-Username"] = req.kauth.grant.access_token.content.preferred_username;'
...
  marketplace-admin:
    apiEndpoints:
      - admin
    policies:
      - keycloak-protect-admin:

Development

  • Quality control
npm run check
  • Compilation
npm run compile

Changelog

0.1.0

  • apply TypeScript standard (quality contraints)
  • add readme and badge
  • support multiple authentification profiles

License