equipes keycloak flow

This commit is contained in:
alma 2025-05-03 17:22:34 +02:00
parent f2260ba8fb
commit 15f976d134


@ -35,43 +35,67 @@ export async function getKeycloakAdminClient(): Promise<KcAdminClient> {
throw new Error('Missing Keycloak URL configuration'); throw new Error('Missing Keycloak URL configuration');
} }
if (!adminClientId || !adminUsername || !adminPassword || !realmName) { if (!adminClientId || !realmName) {
const missing = []; const missing = [];
if (!adminClientId) missing.push('KEYCLOAK_CLIENT_ID'); if (!adminClientId) missing.push('KEYCLOAK_CLIENT_ID');
if (!adminUsername) missing.push('KEYCLOAK_ADMIN_USERNAME');
if (!adminPassword) missing.push('KEYCLOAK_ADMIN_PASSWORD');
if (!realmName) missing.push('KEYCLOAK_REALM'); if (!realmName) missing.push('KEYCLOAK_REALM');
console.error(`Missing Keycloak admin credentials in .env: ${missing.join(', ')}`); console.error(`Missing Keycloak client credentials in .env: ${missing.join(', ')}`);
throw new Error('Missing Keycloak admin credentials'); throw new Error('Missing Keycloak client credentials');
} }
console.log(`Connecting to Keycloak at ${keycloakUrl}, realm: ${realmName}`); // We'll try various authentication methods depending on what credentials we have
if (!clientSecret && (!adminUsername || !adminPassword)) {
console.error('Missing credentials for Keycloak authentication. Need either a client secret or username/password.');
throw new Error('Missing Keycloak authentication credentials');
}
console.log(`Connecting to Keycloak at ${keycloakUrl}, realm: ${realmName}, client: ${adminClientId}`);
try { try {
const kcAdminClient = new KcAdminClient({ const kcAdminClient = new KcAdminClient({
baseUrl: keycloakUrl, baseUrl: keycloakUrl,
realmName: 'master', // Use master realm to manage other realms realmName: 'master', // Use master realm for admin operations
});
// Log auth configuration (don't log the actual secret or password)
console.log('Auth configuration:', {
clientId: adminClientId,
hasClientSecret: !!clientSecret,
hasUsername: !!adminUsername,
hasPassword: !!adminPassword,
authUrl: `${keycloakUrl}/realms/master/protocol/openid-connect/token`
}); });
// Authenticate admin client // Authenticate admin client
const authParams: Credentials = { let authParams: Credentials;
clientId: adminClientId,
username: adminUsername,
password: adminPassword,
grantType: 'password',
};
// Add client secret if available // If we have a client secret, try to use client credentials grant
if (clientSecret) { if (clientSecret) {
authParams.clientSecret = clientSecret; console.log('Using client credentials grant with client secret');
authParams = {
clientId: adminClientId,
clientSecret: clientSecret,
grantType: 'client_credentials'
};
} else {
// Fall back to password grant
console.log('Using password grant without client secret');
authParams = {
clientId: adminClientId,
username: adminUsername,
password: adminPassword,
grantType: 'password'
};
} }
await kcAdminClient.auth(authParams); await kcAdminClient.auth(authParams);
console.log('Successfully authenticated with Keycloak admin client'); console.log('Successfully authenticated with Keycloak admin client');
// Set the target realm to work with // Now that we're authenticated, we can specify the realm we want to work with
// This could be different from the authentication realm (master)
console.log(`Setting target realm to: ${realmName}`);
kcAdminClient.setConfig({ kcAdminClient.setConfig({
realmName: realmName, realmName: realmName,
}); });
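Review bot: The `else` branch at the `// Fall back to password grant` comment silently downgrades to the resource-owner password grant with the master-realm admin username and password whenever `clientSecret` is falsy, so a missing or misnamed `KEYCLOAK_CLIENT_SECRET` in one environment quietly switches the service from a scoped service-account client to a full human-admin credential without anything in the logs beyond "Using password grant". That fallback should at least be loud: `console.warn('KEYCLOAK_CLIENT_SECRET not set; falling back to password grant with the master-realm admin account');`, and ideally gated behind an explicit opt-in so production cannot take it by accident. Because both branches authenticate against `realmName: 'master'`, whichever credential is used holds cross-realm admin power; a dedicated confidential client with only the realm-management roles this code needs for `realmName` would bound the blast radius if `.env` leaks. The `Auth configuration` log correctly prints only `hasClientSecret`/`hasPassword` booleans, which is the right pattern to keep for any future diagnostics here. `getKeycloakAdminClient` starts before the hunk and its `try` block continues past it, so the `catch` handling and token-lifetime behaviour are not visible in this change.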