remove userInfo request

Author: felixheck

src/index.js

@@ -4,29 +4,15 @@ const token = require('./token')
 const { error, fakeReply, verify } = require('./utils')
 const pkg = require('../package.json')
 
-let manager
-
 /**
- * @function
- * @public
- *
- * Get user information based on token with help of Keycloak.
- * If all validations and requests are successful, save the
- * token and its user data in memory cache.
+ * @type Object
+ * @private
  *
- * @param {string} token The token to be validated
- * @param {Function} reply The callback handler
+ * Internally used properties
  */
-function handleKeycloakUserInfo (tkn, reply) {
-  manager.userInfo(tkn.get()).then((userInfo) => {
-    const { scope, expiresIn } = tkn.getData()
-    const userData = { credentials: Object.assign({ scope }, userInfo) }
-
-    cache.set(tkn.get(), userData, expiresIn)
-    reply.continue(userData)
-  }).catch((err) => {
-    reply(error('unauthorized', err))
-  })
+const internals = {
+  manager: undefined,
+  userInfoFields: []
 }
 
 /**
@@ -41,8 +27,16 @@ function handleKeycloakUserInfo (tkn, reply) {
 function handleKeycloakValidation (tkn, reply) {
   const invalidate = (err) => reply(error('unauthorized', err, error.msg.invalid))
 
-  manager.validateAccessToken(tkn.get()).then((res) => {
-    res ? handleKeycloakUserInfo(tkn, reply) : invalidate()
+  internals.manager.validateAccessToken(tkn.get()).then((res) => {
+    if (!res) {
+      return invalidate()
+    }
+
+    const { expiresIn, ...credentials } = tkn.getData(internals.userInfoFields)
+    const userData = { credentials }
+
+    cache.set(tkn.get(), userData, expiresIn)
+    return reply.continue(userData)
   }).catch(invalidate)
 }
 
@@ -108,9 +102,11 @@ function strategy (server) {
  */
 function plugin (server, opts, next) {
   opts = verify(opts)
-  manager = new GrantManager(opts)
   cache.init(server, opts.cache)
 
+  internals.manager = new GrantManager(opts.client)
+  internals.userInfoFields = opts.userInfo
+
   server.auth.scheme('keycloak-jwt', strategy)
   server.decorate('server', 'kjwt', { validate })
 

src/token.js

@@ -65,6 +65,20 @@ function token (field) {
     return (exp - iat) * 1000
   }
 
+  /**
+   * @function
+   * @private
+   *
+   * Get necessary user information out of token content.
+   *
+   * @param {Object} content The token its content
+   * @param {Array.<?string>} fields The necessary fields
+   * @returns {Object} The collection of requested user info
+   */
+  function getUserInfo (content, fields) {
+    return _.pick(content, _.uniq(['sub', ...fields]))
+  }
+
   /**
    * @function
    * @public
@@ -88,12 +102,13 @@ function token (field) {
    *
    * @returns {Object} The extracted data
    */
-  function getData () {
+  function getData (userInfoFields) {
     const content = getContent()
 
     return {
       scope: getScope(content),
-      expiresIn: getExpiration(content)
+      expiresIn: getExpiration(content),
+      ...getUserInfo(content, userInfoFields)
     }
   }
 

src/utils.js

@@ -14,7 +14,8 @@ const scheme = joi.object({
   }).unknown(true).required(),
   cache: joi.alternatives().try(joi.object({
     segment: joi.string().default('keycloakJwt')
-  }), joi.boolean().invalid(true)).default(false)
+  }), joi.boolean().invalid(true)).default(false),
+  userInfo: joi.array().items(joi.string()).default([])
 }).unknown(true).required()
 
 /**