wiki/server/modules/authentication/keycloak/authentication.js

const _ = require('lodash')

/* global WIKI */

// ------------------------------------
// Keycloak Account
// ------------------------------------

const KeycloakStrategy = require('@exlinc/keycloak-passport')

module.exports = {
  init (passport, conf) {
    passport.use(conf.key,
      new KeycloakStrategy({
        authorizationURL: conf.authorizationURL,
        userInfoURL: conf.userInfoURL,
        tokenURL: conf.tokenURL,
        host: conf.host,
        realm: conf.realm,
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
        callbackURL: conf.callbackURL,
        passReqToCallback: true
      }, async (req, accessToken, refreshToken, results, profile, cb) => {
        let displayName = profile.username
        if (_.isString(profile.fullName) && profile.fullName.length > 0) {
          displayName = profile.fullName
        }
        try {
          const user = await WIKI.models.users.processProfile({
            providerKey: req.params.strategy,
            profile: {
              id: profile.keycloakId,
              email: profile.email,
              name: displayName,
              picture: ''
            }
          })
          req.session.keycloak_id_token = results.id_token
          cb(null, user)
        } catch (err) {
          cb(err, null)
        }
      })
    )
  },
  logout (conf, context) {
    if (!conf.logoutUpstream) {
      return '/'
    } else if (conf.logoutURL && conf.logoutURL.length > 5) {
      const idToken = context.req.session.keycloak_id_token
      const redirURL = encodeURIComponent(WIKI.config.host)
      if (conf.logoutUpstreamRedirectLegacy) {
        // keycloak < 18
        return `${conf.logoutURL}?redirect_uri=${redirURL}`
      } else if (idToken) {
        // keycloak 18+
        return `${conf.logoutURL}?post_logout_redirect_uri=${redirURL}&id_token_hint=${idToken}`
      } else {
        // fall back to no redirect if keycloak_id_token isn't available
        return conf.logoutURL
      }
    } else {
      WIKI.logger.warn('Keycloak logout URL is not configured!')
      return '/'
    }
  }
}
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`const _ = require('lodash')`

			`/* global WIKI */`

			`// ------------------------------------`
			`// Keycloak Account`
			`// ------------------------------------`

			`const KeycloakStrategy = require('@exlinc/keycloak-passport')`

			`module.exports = {`
			`init (passport, conf) {`
fix: handle multi social auth strategies 3 years ago			`passport.use(conf.key,`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`new KeycloakStrategy({`
feat: social login providers with dynamic instances 4 years ago			`authorizationURL: conf.authorizationURL,`
			`userInfoURL: conf.userInfoURL,`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`tokenURL: conf.tokenURL,`
feat: social login providers with dynamic instances 4 years ago			`host: conf.host,`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`realm: conf.realm,`
			`clientID: conf.clientId,`
			`clientSecret: conf.clientSecret,`
feat: social login providers with dynamic instances 4 years ago			`callbackURL: conf.callbackURL,`
			`passReqToCallback: true`
fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878) 1 year ago			`}, async (req, accessToken, refreshToken, results, profile, cb) => {`
fix: use fullname from keycloak profile info with username as fallback (#1888) 5 years ago			`let displayName = profile.username`
			`if (_.isString(profile.fullName) && profile.fullName.length > 0) {`
			`displayName = profile.fullName`
			`}`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`try {`
			`const user = await WIKI.models.users.processProfile({`
feat: social login providers with dynamic instances 4 years ago			`providerKey: req.params.strategy,`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`profile: {`
			`id: profile.keycloakId,`
			`email: profile.email,`
fix: use fullname from keycloak profile info with username as fallback (#1888) 5 years ago			`name: displayName,`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`picture: ''`
feat: social login providers with dynamic instances 4 years ago			`}`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`})`
fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878) 1 year ago			`req.session.keycloak_id_token = results.id_token`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`cb(null, user)`
			`} catch (err) {`
			`cb(err, null)`
			`}`
			`})`
			`)`
feat: logout by auth strategy + keycloak implementation 4 years ago			`},`
fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878) 1 year ago			`logout (conf, context) {`
feat: logout by auth strategy + keycloak implementation 4 years ago			`if (!conf.logoutUpstream) {`
			`return '/'`
			`} else if (conf.logoutURL && conf.logoutURL.length > 5) {`
fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878) 1 year ago			`const idToken = context.req.session.keycloak_id_token`
			`const redirURL = encodeURIComponent(WIKI.config.host)`
			`if (conf.logoutUpstreamRedirectLegacy) {`
			`// keycloak < 18`
			return `${conf.logoutURL}?redirect_uri=${redirURL}`
			`} else if (idToken) {`
			`// keycloak 18+`
			return `${conf.logoutURL}?post_logout_redirect_uri=${redirURL}&id_token_hint=${idToken}`
			`} else {`
			`// fall back to no redirect if keycloak_id_token isn't available`
			`return conf.logoutURL`
			`}`
feat: logout by auth strategy + keycloak implementation 4 years ago			`} else {`
			`WIKI.logger.warn('Keycloak logout URL is not configured!')`
			`return '/'`
			`}`
feat: add keycloak auth provider (#1004) * added custom keycloak authentication. * update readme. * updated readme. * reverted README for PR. * fix: use async/await * changed callback parameter name from done to cb. * fix: keycloak description + website * fix: keycloak logo 5 years ago			`}`
			`}`