Integrate keycloak with Nest controllers and manage keycloak with the admin module
This module provide decorators to intercept keycloak tokens
$ npm i --save ib-nest-keycloak keycloak-connect
// session.ts
import * as expressSession from 'express-session';
// DON'T use this in PRODUCTION
const memoryStore = new expressSession.MemoryStore();
export const session = expressSession({
secret: 'mySecret',
resave: false,
saveUninitialized: true,
store: memoryStore
})
// main.ts
app.use(session);
// app.module.ts
import { KeycloakModule } from 'nest-keycloak';
import { session } from './session';
@Module({
imports: [
KeycloakModule.forRoot({
serverUrl: 'http://localhost:8080/auth',
realm: 'master',
clientId: 'admin-cli',
session
}),
],
controllers: [SecureController]
})
export class AppModule{}
// secure.controller.ts
import { Authenticated, User, KeycloakUser } from 'nest-keycloak';
import { Controller, Get, Post, Put, Delete } from '@nestjs/common';
@Controller()
export class SecureController {
@Get()
find(@User() user: KeycloakUser) {
// if the keycloak token is present user will be a valid keycloak user
// if not user.isAnonymous() => true
}
@Post()
@Authenticated()
create(@User() user: KeycloakUser) {
// Get here if is a valid authentication
}
@Put()
@Authenticated('admin')
update(@User() user: KeycloakUser) {
// Get here if is admin
}
@Delete()
@Authenticated('admin', 'superadmin')
update(@User() user: KeycloakUser) {
// Get here if is admin or superadmin
}
}
@Controller()
@Authenticated('admin')
export class AdminController {
@Put()
update(@User() user: KeycloakUser) {
// Get here if is admin
}
@Delete()
@Authenticated('guest') // Override
update(@User() user: KeycloakUser) {
// Get here if is guest
}
}
$ npm i --save nest-keycloak keycloak-admin
This module provide an interface to work with 'keycloak-admin'
// app.module.ts
import { KeycloakAdminModule } from 'nest-keycloak/admin';
@Module({
imports: [
KeycloakAdminModule.forRoot({
serverUrl: 'http://localhost:8080/auth',
realm: 'master',
adminPwd: process.env.KEYCLOAK_ADMIN_PASSWORD
}),
],
providers: [UsersService]
})
export class AppModule{}
// users.service.ts
import { Module, Injectable } from '@nestjs/common';
import KeycloakAdminService from 'nest-keycloak/admin';
import KcAdminClient from '@keycloak/keycloak-admin-client';
@Injectable()
export class UsersService {
constructor(keycloak: KeycloakAdminService) {}
getUsers(): Promise<any> {
const client: KcAdminClient = await service.client();
return client.users.find();
}
}
import { KeycloakConfigAdapter } from "nest-keycloak";
import { KeycloakAdminAdapter } from "nest-keycloak/admin";
import KcAdminClient from '@keycloak/keycloak-admin-client';
const cadapter = new KeycloakConfigAdapter({
serverUrl: 'http://localhost:8080/auth',
adminPwd: 'admin'
});
const config = await cadapter.resolve();
const adapter = new KeycloakAdminAdapter(config);
const client = await adapter.client();