1

我正在尝试使用keycloak-connect将 Keycloak 身份验证添加到我的 ApolloServer 。我已经设置了我的领域并从localhost:8080/auth. 但是,我在从上下文函数中的请求中获取 kauth 时遇到问题:

目前我有以下设置:

   const kcConfig = {
        clientId: process.env.KEYCLOAK_CLIENT_ID,
        serverUrl: `localhost:808/auth`,
        realm: process.env.KEYCLOAK_REALM,
        realmPublicKey: process.env.KEYCLOAK_REALM_PUBLIC_KEY, 
    }

    const memoryStore = new session.MemoryStore()

    app.use(session({
        secret: process.env.SESSION_SECRET_STRING || 'this should be a long secret',
        resave: false,
        saveUninitialized: true,
        store: memoryStore
    }))

    const keycloak = new Keycloak({
        store: memoryStore
    }, kcConfig as any)

    // Install general keycloak middleware
    app.use(keycloak.middleware({
        admin: graphqlPath
    }))
    
    // Protect the main route for all graphql services
    // Disable unauthenticated access
    app.use(graphqlPath, keycloak.middleware())

然后我尝试req.kauth在上下文中访问,例如:

export interface GrantedRequest extends Request {
  kauth : {grant?: Grant};
}

const server = new ApolloServer({
    engine: {
        graphVariant: "current"
    },
    context: ({req, res} : {
        req: GrantedRequest,
        res: any
    }) => {
      console.log(req.kauth) // this line prints an empty object
      return {
        req,
        res,
        kauth: req.auth
      }
    },
    schema,
    playground: {
        settings: {
            "request.credentials": "same-origin"
        }
    }
});

但是,我无法从我的请求中检索 kauth 属性。我该如何解决这个问题?

4

1 回答 1

2

在您定义受保护的资源之前,不会使用 Keycloak 身份验证。比较https://github.com/keycloak/keycloak-nodejs-connect/blob/master/keycloak.js#L92中的评论

因为您只定义keycloak.middleware()功能,并不意味着您的资源受到保护。

要实现登录并从 keycloak 接收访问令牌,您需要使用keycloak.protect()orkeycloak.checkSso()keycloak.enforcer()。因此,您必须将这些作为请求处理程序分配给任一 URL

app.get('/proteced-resource', keycloak.protect())

或申请

app.use(keycloak.protect()).

于 2021-07-06T10:10:05.673 回答