Feijuca.Auth overview:
Feijuca.Auth is a solution designed to simplify integration with Keycloak, providing a NuGet package and an API with endpoints related to authentication, authorization, access control management (RBAC), client and realm creation, client scope creation, and more. Feijuca.Auth.Api also allows you to use Keycloak in a multitenant context, where each realm is treated as a separate tenant. For full documentation, refer to the Feijuca.Auth guide.
Practical example: If you want to see how the API will look after completing the configurations, check out the Swagger definition. Many endpoints require a token for access. To use the API effectively, ensure you follow the configuration steps outlined below.
Steps to set up Feijuca.Auth.Api:
Configure the Master Realm: In the Keycloak Admin, create a client with permissions to manage the realm. This allows Feijuca.Auth to generate access tokens and execute actions based on your needs. Details about how to do it can be found here.
Feijuca.Auth performs no actions autonomously. Every operation is initiated by you through the endpoints.
Configure Feijuca.Auth.Api: This second configuration involves specifying the URL, Client ID, and Client Secret that were previously created. Here's a breakdown of the process:
The credentials are stored in a MongoDB database set up by you, ensuring secure and consistent storage of this sensitive data.
Don't have a MongoDB instance? You can create one for free using MongoDB Atlas.
Currently, a MongoDB connection string needs to be provided. However, if you'd like to add support for a database of your choice, feel free to contribute to the project :)
Environment Variable for Connection: The connection string related to the created database is provided as an environment variable when starting the container with the Feijuca docker image. This ensures that the Feijuca container can access the database to retrieve the necessary configuration and generate tokens with the correct permissions to handle the realms.
Details about this step can be found here.
Restarting the container: After using the configuration endpoint, you need to restart the Feijuca container. This ensures that Feijuca applies configurations based on the saved information. Once restarted, Feijuca is ready to perform actions on your realm.
In the Feijuca.Auth project, a realm can be referred to as a tenant, as Feijuca.Auth supports multitenant usage in Keycloak. For each request, the target realm/tenant must be specified via a header.
Example Usage:
To use the /users/login endpoint, specify the desired realm name (tenant) in the request header. This determines where the action will be performed.
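Because the tenant is chosen by a request header while access is granted by a token, a caller or gateway in front of the API can check that the two agree before forwarding a request. The sketch below is an added example, not code from Feijuca.Auth: the header name `Tenant`, the host `kc.example.test` and the sample tokens are assumptions constructed for illustration, and it relies only on the fact that Keycloak issuers end in `/realms/<realm-name>`.

```python
import base64
import json
from urllib.parse import urlparse

TENANT_HEADER = "Tenant"  # hypothetical placeholder; the page does not name the header


def realm_from_token(token: str) -> str:
    """Return the realm named in the `iss` claim of a Keycloak-issued JWT.

    The payload is only decoded here, not verified; signature validation
    against the realm's keys must already have been done elsewhere.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not an object")
    segments = urlparse(str(claims.get("iss", ""))).path.strip("/").split("/")
    if len(segments) < 2 or segments[-2] != "realms" or not segments[-1]:
        raise ValueError("issuer is not a Keycloak realm URL")
    return segments[-1]


def tenant_matches_token(headers: dict, token: str,
                         header_name: str = TENANT_HEADER) -> bool:
    """True only if the tenant header names the realm that issued the token."""
    wanted = {k.lower(): v for k, v in headers.items()}.get(header_name.lower())
    if not wanted:
        return False  # no tenant given: reject instead of guessing a default
    try:
        return realm_from_token(token) == wanted  # realm names are case-sensitive
    except ValueError:
        return False  # malformed token or unexpected issuer


def make_sample_token(issuer: str) -> str:
    """Build a constructed, unsigned token for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'iss': issuer})}.sig"


if __name__ == "__main__":
    token = make_sample_token("https://kc.example.test/realms/acme")
    print(tenant_matches_token({"Tenant": "acme"}, token))   # same realm
    print(tenant_matches_token({"Tenant": "other"}, token))  # cross-tenant mismatch
```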
If you have any questions while reading this article, please refer to the documentation, where you will find a detailed step-by-step guide explaining the actions precisely. This article is intended only to provide a brief overview of the Feijuca.Auth configuration process.