trombini/keyloak-nodejs-example

Getting started

Run Keycloak with docker-compose.

docker-compose up -d

After it started successfully you can access it via http://localhost:8081/auth/ with username admin and password secret.

Access the services

Auth Service The endpoints for the service are:

• public - http://localhost:3001/
• secured - http://localhost:3001/secured
• admin - http://localhost:3001/admin

Oauth Client The endpoints for the service are:

• start - http://localhost:3001

Oauth Flow handeled by Keycloak-Connect

After the user gives his consent, Keycloak will respond with an HTTP 302 and redirects the user to:

http://localhost:3001/start?auth_callback=1&state=5dfa7b16-4c13-4091-84b6-212011491996&session_state=be25ba26-8445-4086-993d-0b4fed3c0eda&code=044f9831-f3d1-40a8-9c2a-c52728cbdeac.be25ba26-8445-4086-993d-0b4fed3c0eda.96512b98-ea34-4672-81d7-189f73f10ce6

The Keycloak-Connect Middleware then handles the Oauth process completely autonomous in the background.

Middleware Request to Keycloak

POST /auth/realms/acme/protocol/openid-connect/token HTTP/1.1
Host: keycloak:8081
Content-Type: application/x-www-form-urlencoded
X-Client: keycloak-nodejs-connect

client_session_state=nmUkXNnOGKhqP2QAjj-a-hmCsHw8Xsk4
&client_session_host=
&code=044f9831-f3d1-40a8-9c2a-c52728cbdeac.be25ba26-8445-4086-993d-0b4fed3c0eda.96512b98-ea34-4672-81d7-189f73f10ce6
&grant_type=authorization_code
&client_id=mobile-app
&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fstart%3Fauth_callback%3D1

HTTP/1.1 200 OK
Connection: close
Cache-Control: no-store
Pragma: no-cache
Content-Type: application/json
Content-Length: 3507
Date: Wed, 30 Oct 2019 20:11:09 GMT
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJTQkRTczZ2OUttRjFaUE1YNldyNERyMVpKYmFzVnpTbWdramZiTTBsaHVRIn0.eyJqdGkiOiJjZWJmMDBkYS1lNTIwLTRjZDgtYjQyNS1lMWViZmEyZGI5MjgiLCJleHAiOjE1NzI0NjY1NjksIm5iZiI6MCwiaWF0IjoxNTcyNDY2MjY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvYXV0aC9yZWFsbXMvYWNtZSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI0YjU1NTI5Ny02MTY5LTQxNTEtOTEwZi0zODJiMjY0ZTRkNWEiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJtb2JpbGUtYXBwIiwiYXV0aF90aW1lIjoxNTcyNDY2MjY5LCJzZXNzaW9uX3N0YXRlIjoiYmUyNWJhMjYtODQ0NS00MDg2LTk5M2QtMGI0ZmVkM2MwZWRhIiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoicmljY2FyZG8gc3VwcG8iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJyaWNjYXJkb0BhY21lLmlvIiwiZ2l2ZW5fbmFtZSI6InJpY2NhcmRvIiwiZmFtaWx5X25hbWUiOiJzdXBwbyIsImVtYWlsIjoicmljY2FyZG9AYWNtZS5pbyJ9.X3BsB8wMZYEJO9FbZ1PTS1CKZGfCW6Fv0X6VWWDgUEuO_Ndi0ko2vx2NlhHtbeVzsoPTSc-vnpNL6CtNRWpP5Ubel0HpM1H6_t0KQdw_6nhWQDqlTIpXRC6qt8i7DovFpH-nXwrSfw2YQ1YdV8Qn4jfTDSnhWi00-5K4qzm69wsMHSfvJ01wAh0KlFmH0KQbRRATz2_dDJTwISGZTxWrLxAgkYk2umYhJ71iawd-5NFNhHYZbHumd1qnqHy9vByYWSxFxbD0h2SC6SSFTAyZgxRNWKVcn3TiFxM0LtSzg4713zTJ5fSlh-7x9m0vlGGuDsvTqJySNOYvPHMh6z171g","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0ZGEyYmUwNy1lYzU5LTQ0YzktOGI5My00MTJkMmZkNTI0NmMifQ.eyJqdGkiOiJiYjE2ZTBkZi01N2JmLTQ2MjktYmY2ZC0yZDk2ZGI4OGJjNjAiLCJleHAiOjE1NzI0NjgwNjksIm5iZiI6MCwiaWF0IjoxNTcyNDY2MjY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvYXV0aC9yZWFsbXMvYWNtZSIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MS9hdXRoL3JlYWxtcy9hY21lIiwic3ViIjoiNGI1NTUyOTctNjE2OS00MTUxLTkxMGYtMzgyYjI2NGU0ZDVhIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Im1vYmlsZS1hcHAiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJiZTI1YmEyNi04NDQ1LTQwODYtOTkzZC0wYjRmZWQzYzBlZGEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwifQ.4SUMFzhV2zua7nKprkIKrwI0IrGWk-bA0SprkkrJXc4","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJTQkRTczZ2OUttRjFaUE1YNldyNERyMVpKYmFzVnpTbWdramZiTTBsaHVRIn0.eyJqdGkiOiI5NzgwNDQ0YS01ZGJiLTQyNDAtYTQ2Mi1lMTc2ZWM4OTYzNWYiLCJleHAiOjE1NzI0NjY1NjksIm5iZiI6MCwiaWF0IjoxNTcyNDY2MjY5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvYXV0aC9yZWFsbXMvYWNtZSIsImF1ZCI6Im1vYmlsZS1hcHAiLCJzdWIiOiI0YjU1NTI5Ny02MTY5LTQxNTEtOTEwZi0zODJiMjY0ZTRkNWEiLCJ0eXAiOiJJRCIsImF6cCI6Im1vYmlsZS1hcHAiLCJhdXRoX3RpbWUiOjE1NzI0NjYyNjksInNlc3Npb25fc3RhdGUiOiJiZTI1YmEyNi04NDQ1LTQwODYtOTkzZC0wYjRmZWQzYzBlZGEiLCJhY3IiOiIxIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJyaWNjYXJkbyBzdXBwbyIsInByZWZlcnJlZF91c2VybmFtZSI6InJpY2NhcmRvQGFjbWUuaW8iLCJnaXZlbl9uYW1lIjoicmljY2FyZG8iLCJmYW1pbHlfbmFtZSI6InN1cHBvIiwiZW1haWwiOiJyaWNjYXJkb0BhY21lLmlvIn0.HpjInWxgIUZctD0GhPaPd4BuVcFe2RMbi6EnlKAKMecWk31sJw5ZCPvVf7QJMjNbhFpM7UwPe6y94hOKviWl3nfpmTnQ8ArXOkQUkPAmUNsS6TSshtZaqT1Nvv-9KomKoY0wCvrFG752NJxw_LMHT6pWqqJIreCPv1GY1tU24BlwUju8imm5lGiJpA3Db1SMJltEDoWu7_XkxZVUSuOW-Uulj3suUk4iSEUCaRvN0QLnQH9easpC92FXDVi_KkoCRO8hdBPkn1pIbp46wR6Qp04whJss-5qwLy00SZZfYvuhMEzcoadww5deL5ncvRnXXOOER_ywinOVoqW5H2wC3Q","not-before-policy":0,"session_state":"be25ba26-8445-4086-993d-0b4fed3c0eda","scope":"openid profile email"}