Node Express.js
Using keycloak-connect middleware you can protect your endpoints with Keycloak. I cover this in more detail here. Here are the basics install keycloak-connect in a express project.
'use strict';
const Keycloak = require('keycloak-connect');
const express = require('express');
const session = require('express-session');
const expressHbs = require('express-handlebars');
const app = express();
// Register 'handelbars' extension with The Mustache Express
app.engine('hbs', expressHbs({extname:'hbs',
defaultLayout:'layout.hbs',
relativeTo: __dirname}));
app.set('view engine', 'hbs');
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: memoryStore });
//session
app.use(session({
secret:'thisShouldBeLongAndSecret',
resave: false,
saveUninitialized: true,
store: memoryStore
}));
app.use(keycloak.middleware());
//route protected with Keycloak
app.get('/test', keycloak.protect(), function(req, res){
res.render('test', {title:'Test of the test'});
});
//unprotected route
app.get('/',function(req,res){
res.render('index');
});
app.use( keycloak.middleware( { logout: '/'} ));
app.listen(8000, function () {
console.log('Listening at http://localhost:8000');
});
view raw
I added a start script to the package.json.
"scripts": {
"start": "node app.js"
}
Then pushed the changes to a remote git repo. I can now deploy this to Openshift from git. Click on New Project In Openshift , browse the catalog and select node and point to your git repo.
The project is deployed but Openshifts default port is 8080, As the expresss server is serving on 8000 we need to change this to get the route to resolve. We need to edit the Deployment config ,Service and the Route to change this.
You should now be able to click on the link and it should resolve. There is one further thing we need to do this app but that is after we get the Keycloak server up and running.
Keycloak
There is a Keycloak container designed to run with Openshift found here which I will use to deploy Keycloak. Click on Add to project and Deploy Image , add jboss/keycloak-openshift to the image name, and add two enviroment variables for the admin username (KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD).
Once the build is finished you will see that no route was setup. Just click on create route and except the defaults.
Once the route is created you can click on it and got to the Keycloak landing page
Click on Administration Console and you can log in with the admin username(KEYCLOAK_USER) and password (KEYCLOAK_PASSWORD).Thats all your Keycloak server is up and running on Openshift.
Connecting the Express server to Keycloak
On the Keycloak server we need to create a Realm and create a Client in the realm, set the valid redirect url for the client i.e. point it at our express server on Openshift, Create a user in the realm and set its password and download the keycloak.json file to the root of our express app. I cover this in more details here. This is a quick overview.
Create a file in the route of your express server project call keycloak.json with the contents from the download e.g.
{
"realm": "express",
"auth-server-url": "http://keycloak-openshift-keycloak-project.192.168.42.240.nip.io/auth",
"ssl-required": "external",
"resource": "express",
"public-client": true,
"confidential-port": 0
}
Commit the changes and push to your remote repo. Then trigger a build for the express Pod to pull the changes from git and deploy them.
That’s it all should be working now.
Top comments (0)