As a developer, I want a `sso-express` package to add to my express/react application

[matthieu-foucault]

Description

To be added in a packages folder in the repo

• design server side API

  
  const ssoUtils = require('@bcgov-cas/sso-express');

const {keycloak, ssoMiddleware} = new ssoUtils({ // options here sessionStore, keycloakConfig, getLandingRoute = (req) => // .... , mockAuthentication: false // set to true if you want to bypass auth in dev environments, maybe allow fine-tuning to mock specific features (e.g. login route, timeout route) routes: { login: '/login', logout: '/logout', register: '/register', // allow true/false to disable the register route. Disabled by default, set to true or a string to enable, sessionIdleRemainingTime: // extendSession: // } });

server.use(ssoMiddleware);

server.get('/my-protected-route', keycloak.protect());

    - login / logout routes. Supports custom callbacks & exceptions
    - register route
    - `/extend-session` and `/session-idle-remaining-time` routes 
- select client-side components to be extracted to package - all using the Button component library https://github.com/button-inc/service-development-toolkit
    - login button
    - logout button 
    - register button
    - session-timeout modal
    - session-refresher component that registers to user events
- look for GH actions to automatically publish to NPM

AC:
- [x] API as designed is implemented
- [x] All the components as designed are implemented
- [x] the package exposes a server component
- [x] the ggircs team has an account and a token to publish to NPM https://docs.npmjs.com/creating-and-viewing-access-tokens
- [x] the package is published automatically to npm (which is a GitHub subsidiary) https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
- [x] the package is documented and has at least one example of usage

[matthieu-foucault]

Hey team! Please add your planning poker estimate with ZenHub @dleard @naomiaro @pbastia

[pbastia]

Moving this back to the backlog - keycloak connect doesn't work quite as anticipated and extends the session on any request no matter what. changes to make:

• remove /extend-session endpoint (since a call to /session-idle-remaining-time would do the same)
• update documentation to highlight the fact that any request (or call to Keycloak.getGrant() ) extends the session if the refresh token is expired