ferrerojosh / nest-keycloak-connect

keycloak-nodejs-connect module for Nest
MIT License

Allow fallback configuration for KeycloakConnectModule #140

Open blured75 opened 1 year ago

blured75 commented 1 year ago

Hello,

First of all, thanks a lot for this module. I do, however, have a proposal to extend it: it would be super helpful if we could set 2 configurations for KCM, I mean one standard and the other in case of any problem with the first. The idea is to make the query with the first configuration and, if there is any kind of problem such as a technical error or the user being rejected or not authorized, the fallback configuration could be used automatically.

The idea is that in my NestJS application I need to authenticate the "normal" users and the "technical" ones with the same endpoints. The "normal" ones use a KC client with a signed JWT authenticator and the "technical" ones a clientId & secret.

Current configuration in my app.module.ts:

```typescript
KeycloakConnectModule.registerAsync({
  useFactory: (configService: ConfigService) => {
    return {
      authServerUrl: configService.get('KEYCLOAK_URL'),
      realm: 'b2b',
      clientId: 'normal-service',
      secret: 'not-set',
      cookieKey: 'KEYCLOAK_JWT',
      logLevels: ['warn'],
      tokenValidation: TokenValidation.OFFLINE,
    };
  },
  imports: [ConfigModule],
  inject: [ConfigService],
}),
```

What I would expect, something like:

```typescript
KeycloakConnectModule.registerAsync({
  useFactory: (configService: ConfigService) => {
    return [
      {
        authServerUrl: configService.get('KEYCLOAK_URL'),
        realm: 'b2b',
        clientId: 'normal-service',
        secret: 'not-set',
        cookieKey: 'KEYCLOAK_JWT',
        logLevels: ['warn'],
        tokenValidation: TokenValidation.OFFLINE,
      },
      {
        authServerUrl: configService.get('KEYCLOAK_URL'),
        realm: 'b2b',
        clientId: 'fallback-service',
        secret: 'not-set',
        cookieKey: 'KEYCLOAK_JWT',
        logLevels: ['warn'],
        tokenValidation: TokenValidation.OFFLINE,
      },
    ];
  },
  imports: [ConfigModule],
  inject: [ConfigService],
}),
```

I hope you'll find this idea not so crazy or useless :)

Blured.
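
The try-then-fall-back behaviour requested above, sketched as an added example (not code from nest-keycloak-connect or from either commenter). It assumes the token's signature has already been verified, that the issuer has the form `authServerUrl/realms/realm`, and that each client is recognised by the token's `azp` claim; all type and function names are hypothetical.

```typescript
// Added example: none of these names are part of nest-keycloak-connect.
// Claims are assumed to come from a token whose signature was already verified.
type Claims = { iss: string; azp: string; exp: number };
type ClientConfig = { authServerUrl: string; realm: string; clientId: string };
type Outcome =
  | { accepted: true; clientId: string; rejectedBy: string[] }
  | { accepted: false; rejectedBy: string[] };

// Hypothetical per-configuration check: returns a rejection reason, or null on success.
function checkClaims(claims: Claims, cfg: ClientConfig, nowSec: number): string | null {
  const issuer = `${cfg.authServerUrl}/realms/${cfg.realm}`; // assumed issuer format
  if (claims.iss !== issuer) return "issuer mismatch";
  if (claims.exp <= nowSec) return "token expired";
  if (claims.azp !== cfg.clientId) return "azp mismatch";
  return null;
}

// Try the configurations in order. The first one that accepts wins; every
// rejection is kept so the caller can log which client a request fell back from.
function validateWithFallback(claims: Claims, configs: ClientConfig[], nowSec: number): Outcome {
  const rejectedBy: string[] = [];
  for (const cfg of configs) {
    const reason = checkClaims(claims, cfg, nowSec);
    if (reason === null) return { accepted: true, clientId: cfg.clientId, rejectedBy };
    rejectedBy.push(`${cfg.clientId}: ${reason}`);
  }
  return { accepted: false, rejectedBy };
}

// Constructed sample data (the URL is a placeholder, not a real server).
const base = { authServerUrl: "https://kc.example.test", realm: "b2b" };
const configs: ClientConfig[] = [
  { ...base, clientId: "normal-service" },
  { ...base, clientId: "fallback-service" },
];
const now = 1700000000;
const iss = "https://kc.example.test/realms/b2b";

const userResult = validateWithFallback({ iss, azp: "normal-service", exp: now + 300 }, configs, now);
const technicalResult = validateWithFallback({ iss, azp: "fallback-service", exp: now + 300 }, configs, now);
const unknownResult = validateWithFallback({ iss, azp: "other-client", exp: now + 300 }, configs, now);
```

Because a request passes when any configuration accepts it, the set of accepted tokens is the union of both clients; the returned `clientId` lets route guards still tell "normal" callers from "technical" ones.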

ferrerojosh commented 1 year ago

It's basically like an alternate client (not close enough to be called a load balancer, maybe secondary DNS?). But it's on the same Keycloak instance. I find it quite strange and yes, crazy.