Gathering detailed insights and metrics for @exlinc/keycloak-passport
Gathering detailed insights and metrics for @exlinc/keycloak-passport
Installations
npm install @exlinc/keycloak-passportReleases
Unable to fetch releases
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
8.10.0
NPM Version
6.1.0
Statistics
98 Stars
7 Commits
22 Forks
4 Watching
1 Branches
1 Contributors
Updated on 13 Oct 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
1,239,980
Last day
-12.1%
349
Compared to previous day
Last week
-21.8%
2,998
Compared to previous week
Last month
66.8%
13,155
Compared to previous month
Last year
0.3%
201,855
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Keycloak Passport Strategy - oAuth2/OIDC
This library offers a production-ready and maintained Keycloak Passport connector that offers the following key features:
-
Use multiple realms in the same application (multi-tenancy)
-
Use with oAuth2/Open ID Connect 'clients' in keycloak
-
Fetch users' data from keycloak automatically via the JSON API
Listed Keycloak Extension
Check it out on keycloak.org
Why? Hasn't this already been done?
To a certain extent, yes. There are about 3 to 4 repos that brand themselves as 'Keycloak Passport', yet not a single one of them is actively maintained and most of them are either completely empty, don't allow using multiple realms, only implement part of the protocol, and/or don't fetch the user's data from Keycloak. There also exists a dedicated NodeJS connector by the Keycloak project itself, however, it is unusable if you are seeking to have Keycloak as 'yet another' passport strategy in your app. This project fills that gap.
Usage
Install
1npm install @exlinc/keycloak-passport
Import
1import KeycloakStrategy from "@exlinc/keycloak-passport";
Initialize
1// Register the strategy with passport 2passport.use( 3 "keycloak", 4 new KeycloakStrategy( 5 { 6 host: process.env.KEYCLOAK_HOST, 7 realm: process.env.KEYCLOAK_REALM, 8 clientID: process.env.KEYCLOAK_CLIENT_ID, 9 clientSecret: process.env.KEYCLOAK_CLIENT_SECRET, 10 callbackURL: `/api${AUTH_KEYCLOAK_CALLBACK}` 11 }, 12 (accessToken, refreshToken, profile, done) => { 13 // This is called after a successful authentication has been completed 14 // Here's a sample of what you can then do, i.e., write the user to your DB 15 User.findOrCreate({ email: profile.email }, (err, user) => { 16 assert.ifError(err); 17 user.keycloakId = profile.keycloakId; 18 user.imageUrl = profile.avatar; 19 user.name = profile.name; 20 user.save((err, savedUser) => done(err, savedUser)); 21 }); 22 } 23 ) 24);
Routes
1router.get( 2 routes.AUTH_KEYCLOAK, 3 passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS) 4); 5router.get( 6 routes.AUTH_KEYCLOAK_CALLBACK, 7 passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS), 8 AuthController.keyCloakSuccess 9);
Compatability with next-auth
There are some known issues with using this passportjs strategy with the latest versions of next-auth. Follow the discussion here.
Contributing/feedback
All forms of contribution are welcome via Issues and Pull-requests to this repo
No vulnerabilities found.
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
no dangerous workflow patterns detected
Reason
tokens are read-only in GitHub workflows
Details
- Info: Medium severity: no workflows found in the repository
- Info: High severity: no workflows found in the repository
Reason
all dependencies are pinned
Details
- Info: GitHub-owned GitHubActions are pinned
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
no binaries found in the repo
Reason
0 commit(s) out of 7 and 0 issue activity out of 10 found in the last 90 days -- score normalized to 0
Reason
found 7 unreviewed human changesets
Reason
no badge detected
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Score
5.2
/10
Last Scanned on 2023-03-01
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More