equipes keycloak flow
This commit is contained in:
parent
4583f183c4
commit
df644fd72d
@ -53,37 +53,51 @@ export async function getKeycloakAdminClient(): Promise<KcAdminClient> {
|
|||||||
console.log(`Connecting to Keycloak at ${keycloakUrl}, realm: ${realmName}, client: ${clientId}`);
|
console.log(`Connecting to Keycloak at ${keycloakUrl}, realm: ${realmName}, client: ${clientId}`);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Create and configure the admin client
|
// Create and configure the admin client - we have already validated realmName is defined above
|
||||||
const kcAdminClient = new KcAdminClient({
|
const kcAdminClient = new KcAdminClient({
|
||||||
baseUrl: keycloakUrl,
|
baseUrl: keycloakUrl,
|
||||||
realmName: 'master', // Start with master realm for auth
|
realmName: realmName!, // Non-null assertion since we validated above
|
||||||
});
|
});
|
||||||
|
|
||||||
// Try client credentials first if available (preferred method)
|
// Try to authenticate directly with a token from the token endpoint
|
||||||
|
console.log('Authenticating with direct token fetch');
|
||||||
|
|
||||||
|
const tokenUrl = `${keycloakUrl}/realms/${realmName}/protocol/openid-connect/token`;
|
||||||
|
const formData = new URLSearchParams();
|
||||||
|
|
||||||
|
// clientId is validated above, so it's safe to use non-null assertion
|
||||||
|
formData.append('client_id', clientId!);
|
||||||
|
|
||||||
if (clientSecret) {
|
if (clientSecret) {
|
||||||
console.log('Authenticating with client credentials');
|
formData.append('client_secret', clientSecret);
|
||||||
await kcAdminClient.auth({
|
formData.append('grant_type', 'client_credentials');
|
||||||
clientId,
|
} else if (adminUsername && adminPassword) {
|
||||||
clientSecret,
|
formData.append('username', adminUsername);
|
||||||
grantType: 'client_credentials',
|
formData.append('password', adminPassword);
|
||||||
});
|
formData.append('grant_type', 'password');
|
||||||
}
|
} else {
|
||||||
// Fall back to password grant
|
// This should never happen due to validation above
|
||||||
else if (adminUsername && adminPassword) {
|
throw new Error('No valid authentication method available');
|
||||||
console.log('Authenticating with password grant');
|
|
||||||
await kcAdminClient.auth({
|
|
||||||
clientId,
|
|
||||||
username: adminUsername,
|
|
||||||
password: adminPassword,
|
|
||||||
grantType: 'password',
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Now that we're authenticated, set the target realm
|
const response = await fetch(tokenUrl, {
|
||||||
kcAdminClient.setConfig({
|
method: 'POST',
|
||||||
realmName,
|
headers: {
|
||||||
|
'Content-Type': 'application/x-www-form-urlencoded',
|
||||||
|
},
|
||||||
|
body: formData,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
if (!response.ok) {
|
||||||
|
const errorData = await response.json().catch(() => ({}));
|
||||||
|
throw new Error(`Authentication failed: ${errorData.error || response.statusText}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
const tokenData = await response.json();
|
||||||
|
|
||||||
|
// Set the token manually
|
||||||
|
kcAdminClient.setAccessToken(tokenData.access_token);
|
||||||
|
|
||||||
// Test that authentication worked with a simple request
|
// Test that authentication worked with a simple request
|
||||||
await kcAdminClient.users.find({ max: 1 });
|
await kcAdminClient.users.find({ max: 1 });
|
||||||
|
|
||||||
|
|||||||
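Review bot: The new direct-token path hands `tokenData.access_token` to `kcAdminClient.setAccessToken()` without checking that the field is present, so a 2xx reply with an unexpected body (for example a proxy or error page) leaves the client with an undefined token and the failure only surfaces later as an opaque error from `users.find`. Add a guard right after the `tokenData` parse, `if (typeof tokenData.access_token !== 'string') throw new Error('Token endpoint response did not include an access_token');`. The removed `kcAdminClient.auth()` call managed the token lifecycle inside the library; with a manually set token nothing in this hunk refreshes it, and the `expires_in`/`refresh_token` fields the endpoint presumably returns are discarded — if the returned client is kept for longer than one token lifetime, re-fetching before expiry or on a 401 will be needed, which is worth a comment at the `setAccessToken` line. The `try {` block opened in this hunk closes outside it, and getKeycloakAdminClient continues past the hunk's end.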