Javascript backend library to verify keycloak tokens and get user info
Instantiating
const config = { realm: 'OECD', authServerUrl: 'localhost://8080' };
const keycloak = Keycloak(config);
Validating access tokens
Online validation
This method requires online connection to the Keycloak service to validate the access token. It is highly secure since it also check for the possible token invalidation. The disadvantage is that a request to the Keycloak service happens on every validation attempt.
try {
const user = await keycloak.verifyOnline(accessToken);
} catch(e){ ... }
Will request keycloak
server to get user information, throw an execption if token is not valid.
Response data is a subset of verify Offline
to add more attributes see https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes or https://stackoverflow.com/questions/32678883/keycloak-retrieve-custom-attributes-to-keycloakprincipal
Offline validation
This method can be used in two different ways:
- With a
public key
prop in the config object, the function verify the access token and returns user information.
const config = { publicKey: keycloakPublicKey };
Performance is higher compared to the online method, the disadvantage is that access token invalidation will not work until the token is expired.
- Without a
public key
, then config needs arealm
and aauthServerUrl
set in the config to retrieve it from keycloak server.
const config = { realm: 'OECD', authServerUrl: 'localhost://8080' };
We can add config.useCache
to cache keycloak public key to optimize performance and avoid to request it on each verification.
try {
const user = await keycloak.verifyOffline(accessToken);
} catch(e){ ... }
Decodes token to get user information, throw an exception if token is not valid.