|
17 | 17 | ## Introduction
|
18 | 18 | **hapi-auth-keycloak** is a plugin for [hapi.js](hapijs] which enables to protect your endpoints in a smart but professional manner using [Keycloak][keycloak] as authentication service. It is inspired by the related [express.js middleware][keycloak-node]. The plugin validates the passed [`Bearer` token][bearer] online with help of the [Keycloak][keycloak] server and optionally caches successfully validated tokens and the related user data using [`catbox`][catbox]. The caching enables a fast processing although the user data don't get changed until the token expires. It plays well with the [hapi.js][hapijs]-integrated [authentication feature][hapi-route-options]. Besides the authentication strategy it is possible to validate tokens by yourself, e.g. to authenticate incoming websocket or queue messages.
|
19 | 19 |
|
20 |
| -This plugin is implemented in ECMAScript 6 without any transpilers like `babel`.<br/> |
| 20 | +This plugin is implemented in ECMAScript 6 without any transpilers like [`babel`][babel].<br/> |
21 | 21 | Additionally [`standard`][standardjs] and [`ava`][avajs] are used to grant a high quality implementation.<br/>
|
22 | 22 |
|
23 | 23 | ## Installation
|
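Review bot: The unchanged Introduction paragraph (line 18) still contains the malformed link `[hapi.js](hapijs]`, which will not resolve against the `[hapijs]` reference definition. Since this commit already turns `babel` into a reference link two lines below, fix that one here too as `[hapi.js][hapijs]`. The same paragraph says cached user data does not change until the token expires; it would be worth stating whether a token revoked on the Keycloak server is still accepted from the cache during that window, so readers can make an informed choice about enabling `cache`.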
@@ -61,7 +61,9 @@ server.register({
|
61 | 61 | register: authKeycloak,
|
62 | 62 | options: {
|
63 | 63 | client: {
|
64 |
| - // ... |
| 64 | + realmUrl: 'https://localhost:8080/auth/realms/testme', |
| 65 | + clientId: 'foobar', |
| 66 | + secret: '1234-bar-4321-foo' |
65 | 67 | },
|
66 | 68 | cache: {}
|
67 | 69 | }
|
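Review bot: The added `secret: '1234-bar-4321-foo'` line puts a client secret literal into a snippet that readers will copy into their own `server.register` call. Consider showing the value being read from configuration instead, for example `secret: process.env.KEYCLOAK_SECRET` (the variable name is only a suggestion), or add one sentence saying the three values are placeholders and the secret should not be committed to source control.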
@@ -112,18 +114,17 @@ Required.
|
112 | 114 | If `false` the cache is disabled. Use an empty object to use the built-in default cache.<br/>
|
113 | 115 | Optional. Default: `false`.<br/>
|
114 | 116 |
|
115 |
| -#### `server.kjwt.validate(field <string>, done <Function>)` |
| 117 | +#### `server.kjwt.validate(field {string}, done {Function})` |
116 | 118 | Uses internally [`GrantManager.prototype.validateAccessToken()`][keycloak-auth-utils-gm-validate].
|
117 | 119 |
|
118 |
| -- `field {string}`: The `Bearer` field, including the scheme itself.<br/> |
| 120 | +- `field {string}`: The `Bearer` field, including the scheme (`bearer`) itself.<br/> |
119 | 121 | Example: `bearer 12345.abcde.67890`.<br/>
|
120 | 122 | Required.
|
121 | 123 |
|
122 |
| -- `done {Function}`: The callback handler is passed an `Error` object (if available) and the `result` (error-first). If the token is invalid, the `result` is `false`. Otherwise it is an object containing all relevant credentials.<br/> |
| 124 | +- `done {Function}`: The callback handler is passed `err {Error}, result {Object|false}` (error-first approach).<br/>If an error occurs, `err` is not `null`. If the token is invalid, the `result` is `false`. Otherwise it is an object containing all relevant credentials.<br/> |
123 | 125 | Required.
|
124 | 126 |
|
125 | 127 | ## Example
|
126 |
| -#### Code |
127 | 128 |
|
128 | 129 | ``` js
|
129 | 130 | const Hapi = require('hapi');
|
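Review bot: On the new `done {Function}` line, the text says `err` is not `null` when an error occurs and `result` is `false` for an invalid token, but it does not say what `result` is when `err` is set. Please document that case so callers using `server.kjwt.validate()` outside the auth strategy (the websocket and queue use mentioned in the Introduction) know to reject on either a non-null `err` or a `false` result. Separately, the `field` line now names the scheme as `bearer` while the sentence calls it the `Bearer` field; say whether the scheme is matched case-insensitively.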
@@ -161,7 +162,9 @@ server.register({
|
161 | 162 | register: authKeycloak,
|
162 | 163 | options: {
|
163 | 164 | client: {
|
164 |
| - // ... |
| 165 | + realmUrl: 'https://localhost:8080/auth/realms/testme', |
| 166 | + clientId: 'foobar', |
| 167 | + secret: '1234-bar-4321-foo' |
165 | 168 | },
|
166 | 169 | cache: {}
|
167 | 170 | }
|
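Review bot: `realmUrl: 'https://localhost:8080/auth/realms/testme'` pairs the `https` scheme with port 8080, which is Keycloak's default plain-HTTP port (HTTPS defaults to 8443). Please confirm the example connects as written, or change the scheme or the port so that copied configuration does not fail on the TLS handshake. The same three values are also added to the usage snippet earlier in the README, so any correction should be applied in both places.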
@@ -204,6 +207,7 @@ For further information read the [contributing guideline](CONTRIBUTING.md).
|
204 | 207 | [hapijs]: https://hapijs.com/
|
205 | 208 | [avajs]: https://github.com/avajs/ava
|
206 | 209 | [standardjs]: https://standardjs.com/
|
| 210 | +[babel]: https://babeljs.io/ |
207 | 211 | [npm]: https://github.com/npm/npm
|
208 | 212 | [yarn]: https://yarnpkg.com
|
209 | 213 | [jwt]: https://jwt.io/
|