ferrerojosh / nest-keycloak-connect

keycloak-nodejs-connect module for Nest
MIT License

Websocket support #86

Open Nosfistis opened 3 years ago

Nosfistis commented 3 years ago

Is it possible to support websockets?

Using the default socket implementation that is suggested by NestJS, this is as easy as adding another case in the extractRequest helper. The related information is in the handshake, since socket.io 4 provides such info in the handshake.auth.

Other than that, perhaps the helper itself could be moved to a service, so that it can be overridden and provided to the guard.

ferrerojosh commented 3 years ago

I'll try to find a way to do this, thanks for the suggestion.

tiagosiebler commented 2 years ago

Also interested in this - thanks. The auth guard currently throws in trying to access request after the call to extractRequest in the auth guard, if trying to use jwts with graphql subscriptions.

tiagosiebler commented 2 years ago

In case it helps anyone else, an adaptation of this worked for me: https://github.com/nestjs/docs.nestjs.com/issues/394#issuecomment-582161405

ZerNico commented 2 years ago

> In case it helps anyone else, an adaptation of this worked for me: nestjs/docs.nestjs.com#394 (comment)

Do you possibly still have that code around and could share it?

tiagosiebler commented 2 years ago

> > In case it helps anyone else, an adaptation of this worked for me: nestjs/docs.nestjs.com#394 (comment)
>
> Do you possibly still have that code around and could share it?

No exact sample I can share, sorry, but it is just an adaptation of the steps in the linked comment in the nestjs docs repo. If I remember correctly, the custom/adapted onConnect() method in GraphQLModule.forRootAsync({ -> subscriptions{} -> subscriptions-transport-ws{} -> onConnect() }) is what's key here (step 2).

This is the place to capture and return enough context for the custom auth guard (step 3 in the linked comment) to access the jwt. With my case of graphql + keycloak, it seemed the client was sending the auth token as an initial event immediately after connecting. This initial payload is the first parameter of the onConnect() callback method within subscriptions{ subscriptions-transport-ws{ onConnect => (payload, ws, context) {} } }

Steps 2 & 3 make sure the auth guard can access that jwt, without needing to know it didn't come in the request header. Hope I'm remembering this correctly as it already seems like a while ago. Hope it helps.
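An added example, not code from this thread's participants or from nest-keycloak-connect: one way to pull the JWT out of a socket.io 4 `handshake.auth` or a subscriptions-transport-ws `onConnect()` payload and hand it to a guard in request-header shape. All helper names and the payload keys (`token`, `Authorization`, `authorization`, `authToken`) are assumptions about what the client sends.

```typescript
// Hypothetical helpers for illustration; not nest-keycloak-connect's own API.
type Headers = Record<string, string | undefined>;
interface GuardRequest { headers: Headers }

// Constructed sample token (not a real credential), used for local checks.
const SAMPLE_JWT = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";

// Three base64url segments separated by dots: a structural check only.
// Signature, issuer and expiry validation remain the auth guard's job.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Accepts "Bearer <jwt>" or a bare "<jwt>"; returns null for anything else.
function normalizeToken(raw: unknown): string | null {
  if (typeof raw !== "string") return null;
  const token = raw.replace(/^Bearer\s+/i, "").trim();
  return JWT_SHAPE.test(token) ? token : null;
}

// socket.io 4: the client's `auth` option arrives as socket.handshake.auth.
function tokenFromHandshake(handshake: { auth?: Record<string, unknown> }): string | null {
  return normalizeToken(handshake.auth?.["token"]);
}

// subscriptions-transport-ws: the first onConnect() parameter is the client's
// initial payload. Returning a request-shaped context lets the guard read the
// JWT exactly as it would from an HTTP Authorization header.
function onConnect(payload: Record<string, unknown> | undefined): { req: GuardRequest } {
  const raw =
    payload?.["Authorization"] ?? payload?.["authorization"] ?? payload?.["authToken"];
  const token = normalizeToken(raw);
  if (token === null) {
    // Fail closed: never hand the guard a context without a well-formed token.
    throw new Error("Missing or malformed access token in connection payload");
  }
  return { req: { headers: { authorization: `Bearer ${token}` } } };
}
```

The shape check only keeps junk out of the guard's input; the token is not trusted until the guard has verified it against Keycloak.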

supun19 commented 1 year ago

Does someone have example code to do this?