The only change between this fork and the original is the removal of the issuer check. If your local url for the auth server is different than the one your clients use, the issuer check will fail and tokens will not be verified.
While this is probably super useful and important and all that noise, there's also tons of requests on the internet requesting for some option to deal with different urls (all met with silence).
The plugin still uses the auth url from the settings to fetch the public keys, so I don't see a way in which this can be abused.
Having said that, don't use this unless you understand the risks.
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.
This repository contains the source code for the Keycloak Node.js adapter. This module makes it simple to implement a Node.js Connect-friendly application that uses Keycloak for its authentication and authorization needs.
- Documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
- JIRA - Issue tracker for bugs and feature requests
If you've found a security vulnerability, please look at the instructions on how to properly report it
If you believe you have discovered a defect in the Node.js adapter please open an issue in our Issue Tracker. Please remember to provide a good summary, description as well as steps to reproduce the issue.
To run Node.js adapter examples please try one of our quickstarts.
For more details refer to the Keycloak Documentation.
To write tests refer to the writing tests guide.
Before contributing to Node.js adapter please read our contributing guidelines.
- Keycloak - Keycloak Server and Java adapters
- Keycloak Documentation - Documentation for Keycloak
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Docker - Docker images for Keycloak
- Keycloak Node.js Admin Client - Node.js library for Keycloak Admin REST API