Nodejs express router and get api Authentication Using Keycloak
Im going to explain in this post how to setup keycloak to protect your express router and get apis. first of all lets dig little bit around keycloak and express. Keycloak is an open source identity and access management solution that makes it easy to secure applications or microservices with little to no code. Express is a minimal and flexible Node.js web application framework.
Setup Keycloak Server.
1. Download Keycloak docker file2. Run Keycloak docker image.
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8080:8080 jboss/keycloak
3. Access to keycloak using this url http://localhost:8080/auth/
User name and pass word is : admin
4. Create a new Realm. Ex: "express-demo".
5. Under created realm create a client. Ex : "express-work-demo" .
6. under setting tab provide these details.
client protocol = openid-connect
access type = public
valid redirect urls = http://localhost:8000/*
7. Once the client is created click the Installation tab, select Keycloak OIDC JSON for Format Option, and then click Download.
8. The downloaded keycloak.json file should be placed at the root folder of your project. This is sample keycloak.json file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "realm": "express-demo", | |
| "auth-server-url": "http://localhost:8080/auth", | |
| "ssl-required": "external", | |
| "resource": "express-work-demo", | |
| "public-client": true, | |
| "confidential-port": 0 | |
| } |
Setup Express application
1. install keycloak-connect npm in your express application use the following command
npm i keycloak-connect
2. You need to import keycloak-connect and express-sessions into your express application.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const Keycloak = require('keycloak-connect'); | |
| const session = require('express-session'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var memoryStore = new session.MemoryStore(); | |
| var keycloak = new Keycloak({ | |
| store: memoryStore | |
| }); | |
| app.use(session({ | |
| secret: "whatever", | |
| resave: false, | |
| saveUninitialized: false | |
| })); | |
| app.use(keycloak.middleware()); |
4. You can then use keycloak.protect on your protected routes . If you are access from Web This will check to see if a user is logged in on the keycloak server and redirect to the route. If a user is not logged in the server will redirect to the keycloak login page. User can create new accounts by clicking on the register link on the login page.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //if you use router then you can protect it like this | |
| app.use('/api/router', keycloak.protect(), apiRouter); | |
| //get api protected with Keycloak | |
| app.get('/api/getreq', keycloak.protect(), function (req, res) { | |
| res.send("Pass data as response in here"); | |
| console.log("User email : " + req.kauth.grant.id_token.content.email); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| ├── app.js | |
| ├── keycloak.json | |
| ├── package.json | |
| └── router | |
| └── api.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| const Keycloak = require('keycloak-connect'); | |
| const express = require('express'); | |
| const session = require('express-session'); | |
| var apiRouter = require('./router/api'); | |
| const app = express(); | |
| var memoryStore = new session.MemoryStore(); | |
| var keycloak = new Keycloak({ | |
| store: memoryStore | |
| }); | |
| // session | |
| app.use(session({ | |
| secret: "whatever", | |
| resave: false, | |
| saveUninitialized: false | |
| })); | |
| app.use(keycloak.middleware()); | |
| //if you use router then you can protect it like this | |
| app.use('/api/router', keycloak.protect(), apiRouter); | |
| //get api protected with Keycloak | |
| app.get('/api/getreq', keycloak.protect(), function (req, res) { | |
| res.send("Pass data as response in here"); | |
| console.log("User email : " + req.kauth.grant.id_token.content.email); | |
| }); | |
| app.listen(8000, function () { | |
| console.log('Listening at http://localhost:8000'); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var express = require('express'); | |
| var router = express.Router(); | |
| router.get('/', function (req, res, next) { | |
| res.send("This was called through router."); | |
| }); | |
| module.exports = router; |
This is how you make Bearer Token request.
Copy Access Token then add it to postman request Authorization header
nice informative post. Thanks you for sharing.
ReplyDeleteWe are an experienced team in one of the Best software company and product specialist for software development and implementation.
Wordpress Development
NodeJS Development