From 94b0121efaf9d5d0bb1b201dc72368bbaad3416a Mon Sep 17 00:00:00 2001
From: D4uS1 <36318394+D4uS1@users.noreply.github.com>
Date: Fri, 30 Aug 2019 20:26:34 +0200
Subject: [PATCH] feat: add keycloak auth provider (#1004)

* added custom keycloak authentication.
* update readme.
* updated readme.
* reverted README for PR.
* fix: use async/await
* changed callback parameter name from done to cb.
* fix: keycloak description + website
* fix: keycloak logo
---
 package.json | 1 +
 .../authentication/keycloak/authentication.js | 41 +++++++++++++++++++
 .../authentication/keycloak/definition.yml | 17 ++++++++
 3 files changed, 59 insertions(+)
 create mode 100644 server/modules/authentication/keycloak/authentication.js
 create mode 100644 server/modules/authentication/keycloak/definition.yml

diff --git a/package.json b/package.json
index c67db639..d3fb934e 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,7 @@
 "dependencies": {
 "@aoberoi/passport-slack": "1.0.5",
 "@bugsnag/js": "6.4.0",
+ "@exlinc/keycloak-passport": "1.0.2",
 "algoliasearch": "3.33.0",
 "apollo-fetch": "0.7.0",
 "apollo-server": "2.9.0",
diff --git a/server/modules/authentication/keycloak/authentication.js b/server/modules/authentication/keycloak/authentication.js
new file mode 100644
index 00000000..d2bab738
--- /dev/null
+++ b/server/modules/authentication/keycloak/authentication.js
@@ -0,0 +1,41 @@
+const _ = require('lodash')
+
+/* global WIKI */
+
+// ------------------------------------
+// Keycloak Account
+// ------------------------------------
+
+const KeycloakStrategy = require('@exlinc/keycloak-passport')
+
+module.exports = {
+ init (passport, conf) {
+ passport.use('keycloak',
+ new KeycloakStrategy({
+ authorizationURL: conf.authorizationURL,
+ userInfoURL: conf.userInfoURL,
+ tokenURL: conf.tokenURL,
+ host: conf.host,
+ realm: conf.realm,
+ clientID: conf.clientId,
+ clientSecret: conf.clientSecret,
+ callbackURL: conf.callbackURL
+ }, async (accessToken, refreshToken, profile, cb) => {
+ try {
+ const user = await WIKI.models.users.processProfile({
+ profile: {
+ id: profile.keycloakId,
+ email: profile.email,
+ name: profile.username,
+ picture: ''
+ },
+ providerKey: 'keycloak'
+ })
+ cb(null, user)
+ } catch (err) {
+ cb(err, null)
+ }
+ })
+ )
+ }
+}
diff --git a/server/modules/authentication/keycloak/definition.yml b/server/modules/authentication/keycloak/definition.yml
new file mode 100644
index 00000000..1c581a77
--- /dev/null
+++ b/server/modules/authentication/keycloak/definition.yml
@@ -0,0 +1,17 @@
+key: keycloak
+title: Keycloak
+description: Keycloak is an open source software product to allow single sign-on with Identity Management and Access Management aimed at modern applications and services.
+author: D4uS1
+logo: https://static.requarks.io/logo/keycloak.svg
+color: blue-grey darken-2
+website: https://www.keycloak.org/
+useForm: false
+isAvailable: true
+props:
+ host: String
+ realm: String
+ clientId: String
+ clientSecret: String
+ authorizationURL: String
+ userInfoURL: String
+ tokenURL: String
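Review bot: In the verify callback of server/modules/authentication/keycloak/authentication.js, `profile.keycloakId` and `profile.email` are handed to `WIKI.models.users.processProfile` without checking that they are present, and nothing in the hunk shows whether Keycloak has verified the address. If `processProfile` matches or creates accounts by email (its body is outside this diff), a realm that permits unverified addresses could map a login onto someone else's wiki account. I would reject incomplete profiles before the call, e.g. `if (!profile.keycloakId || !profile.email) { return cb(new Error('Keycloak profile is missing id or email')) }`, and document that the realm should require verified email. Separately, `const _ = require('lodash')` is never used in the new file and can be dropped.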