search

ferrerojosh / nest-keycloak-connect

keycloak-nodejs-connect module for Nest
MIT License
317 stars 123 forks source link

Deprecation of Keycloak OpenID Connect Node.js Adapter #110

Open sirkrypt0 opened 2 years ago

sirkrypt0 commented 2 years ago

First, thanks for your work on this library!

According to the official Deprecation of Keycloak adapters post (and the corresponding GitHub discussion), the keycloak-nodejs-connect adapter (which this library relies on) is now being deprecated and will receive major/minor releases only until September 2022.

Even though they are still looking around for the best alternative for users, they suggest the openid-client package in the mentioned blog post.

I'm kindly asking whether you plan on migrating this library to an alternative, such as the openid-client package.

ferrerojosh commented 2 years ago

I think the proper move would be to implement calling Keycloak's authorization API ourselves instead of relying on their official Node.js adapter. I assume authorization services won't be going away soon. The implementation is all there and all we need to do is move over the implementation into typescript and use an http client (i.e axios or node net)

Toilal commented 2 years ago

I think the proper move would be to implement calling Keycloak's authorization API ourselves instead of relying on their official Node.js adapter.

Maybe this code should go in another standalone repo without nest dependencies ? This could also implement a passport strategy, as passport is the recommanded way to bring authentication in NestJS (according to official docs).

SebastianSchenk commented 2 years ago

According to the official deprecation announcement, openid-client seams to be the recommended library for nodejs. Maybe it makes sense to use this as the underlying library.

ferrerojosh commented 2 years ago

We could probably migrate most parts to openid-client but it could not be said the same for Keycloak's authorization services.

Toilal commented 1 year ago

I just released a very first version of an OpenID Connect passport strategy here.

It is tested against keycloak and can replace the JWT Token verification of official (and deprecated) keycloak node.js adapter.

I plan to add more packages in this repository with a single objective in mind for now : have the same features as nest-keycloak-connect, but without relying on keycloak-connect deprecated package.

MarcosPauloSouzaMiranda commented 1 year ago

Hello,

Are there any upgrade expectations to address the deprecated library?