search

keycloak / keycloak-nodejs-connect

Apache License 2.0
682 stars 421 forks source link

Support policy-enforcer in keycloak.json for nodejs keycloak-connect adapter #433

Closed quangtm210395 closed 2 years ago

quangtm210395 commented 2 years ago

Description

When using keycloak as an authorization service. We need to implement policy enforcer point in services. For nodejs, Im using keycloak-connect to setup the middleware. And I realize that it not support the policy-enforcer configs in the kkeycloak.json file. So I need to implement it by writing code. I think it will be very nice if the keycloak-connect adapter supports the policy-enforcer configs in json file.

Discussion

No response

Motivation

No response

Details

As the authorization service documentation, we can config the enforcer like this in keycloak.json file


  "policy-enforcer": {
    "user-managed-access" : {},
    "enforcement-mode" : "ENFORCING",
    "paths": [
      {
        "path" : "/someUri/*",
        "methods" : [
          {
            "method": "GET",
            "scopes" : ["urn:app.com:scopes:view"]
          },
          {
            "method": "POST",
            "scopes" : ["urn:app.com:scopes:create"]
          }
        ]
      },
      {
        "name" : "Some Resource",
        "path" : "/usingPattern/{id}",
        "methods" : [
          {
            "method": "DELETE",
            "scopes" : ["urn:app.com:scopes:delete"]
          }
        ]
      },
      {
        "path" : "/exactMatch"
      },
      {
        "name" : "Admin Resources",
        "path" : "/usingWildCards/*"
      }
    ]
  }
}
jonkoops commented 2 years ago

We are not looking to add new features to this client as it has been deprecated. For more information see the announcement blog post.