@teamteanpm2024/pariatur-dolorem-nemo

v1.0.4

Published

7 months ago

Downloads

0High
0Medium
0Low

shivamkalsi2024

shared nope ponyfill ReactiveX exec properties wordwrap core Symbol option lazy emoji tdd make dir push lru hooks react-hook-form colour styled-components css-in-js transpiler descriptors syntax defineProperty id phone express irq joi toStringTag weakset offset tty reduce String.prototype.trim ES3 types classnames form-validation ramda watching bundler regex console querystring dom rapid immutable Uint8ClampedArray install Uint16Array polyfill negative worker arrays flatMap iterate spinner protocol-buffers core-js rm debugger busy node 256 rfc4122 zod protobuf spinners apollo create pyyaml inspect figlet es6 collection typescript getter throat ArrayBuffer#slice Promise gradients css dir fastclone language bootstrap css gdpr util.inspect typeerror nodejs signal flatten chai parse arraybuffer datastructure includes buffers sequence karma optimizer JSON windows xdg utilities nested css move parents dom-testing-library diff middleware validation typedarrays mime folder symlink weakmap util tester character string StyleSheet parent CSS crypto tc39 input findLastIndex package.json indicator serialization deep-clone hardlinks make file system bound fast-deep-clone regular expressions typesafe preserve-symlinks batch spec set eslint-plugin reducer pure redux intrinsic ArrayBuffer side eventEmitter regular trim ansi react-testing-library ArrayBuffer.prototype.slice file transpile react animation libphonenumber log scheme sham bundling mru iteration prop internal slot write Set crypt byte gradients css3 shrinkwrap map rm -fr ES2023 fsevents ECMAScript 2019 ECMAScript 7 ES2017 eventDispatcher ie stream extend rm -rf group HyBi jsonpath website extension cli autoprefixer encryption package manager opens sort mixins some flags monorepo entries setter Symbol.toStringTag Array.prototype.findLastIndex warning eslint korean ratelimit queue awesomesauce less mixins promises javascript WebSocket readablestream const typeof negative zero RxJS forEach mimetypes opener css variable drag censor symbol matchAll callbind generics user-streams readable rate keys find less.js variables in css form typed array jsdiff Float64Array harmony spawn exe css Rx metadata ECMAScript 2020 ast es2016 computed-types touch eslintplugin Map Microsoft logger ES6 byteLength var ECMAScript 2021 point-free uuid xss progress ajax dataView queueMicrotask ReactiveExtensions ajv ECMAScript 2023 browser rgb sigterm postcss-plugin AsyncIterator sameValueZero es-abstract preprocessor rangeerror bdd query positive obj pretty byteOffset ts ES2015 typedarray sharedarraybuffer Array.prototype.findLast find-up utility superagent deterministic slot fantasy-land picomatch api japanese WeakSet tostringtag graphql Float32Array debug art ECMAScript 5 env performance term Push styles sigint jsdom babel-core prune events property stable Uint8Array jsonschema cache stateless Object.is output ES2020 qs Int8Array Object.getPrototypeOf default spring starter css nesting workspace:*moment RegExp.prototype.flags code points modules wordbreak curried ES2018 schema arguments limit getOwnPropertyDescriptor shell linux pipe Object test every remove exit fastify task text [[Prototype]]browserlist functions names formatting Streams from deep accessor trimEnd https error .env tslib fast-copy read limited native Object.assign match minimal rmdir ECMAScript 2018 trimLeft jsx setPrototypeOf arktype sanitize recursive toobject lockfile es2015 ES5 environment promise testing real-time columns $.extend Reflect.getPrototypeOf cjk ESnext Function.prototype.name function shim __proto__name hookform js xdg-open urls i18n loading l10n watcher ES8 validator es2018 view redact RegExp#flags forms isConcatSpreadable scheme-validation ECMAScript 3 emit helpers watch setImmediate es-shim API command-line whatwg hash full array ES2019 stringify ava animation link command pose typed superstruct fs auth quote ECMAScript 2017 let BigUint64Array classname request symlinks concatMap assert jest shebang 0 es5 characters call guid less format

Get KeyCloak Public Key

Provides access to PEM Public Keys from a KeyCloak server for JWT validation.

Introduction

KeyCloak has a bunch of libraries, but for NodeJs the only solution is a Connect based adapter. In case you want to use koa, or something else, you are toast with your token.

This module provides access to the PEM encoded Public Key used for the token based on the KID value, so you can validate the token with anything you want.

The module has no dependencies, the algorithm used to reconstruct the PEM encoded value from the modulus and the exponent is taken from tracker1's solution.

Features

The idea is to keep this simple and stupid, so nothing fancy is included. It can download the certificates JSON from a KeyCloak server, find the one with matching KID value, and reconstruct the Public Key in PEM format. End of story.

If you need improved behavior like caching of Public Keys, you can easily implement one.

Installation

$ npm install --save get-keycloak-public-key

Usage

const KeyCloakCerts = require('get-keycloak-public-key');

const keyCloakCerts = new KeyCloakCerts('https://my-keycloak.com', 'my-realm');

// You can also pass the full URL instead, as a single argument:
// 'https://my-keycloak.com/auth/realms/my-realm/protocol/openid-connect/certs'

const publicKey = keyCloakCerts.fetch('my-kid')

Example

Verifying the token using koa and jsonwebtoken:

const Koa = require('koa');
const KeyCloakCerts = require('get-keycloak-public-key');
const jwt = require('jsonwebtoken');

const keyCloakCerts = new KeyCloakCerts('https://my-keycloak.com', 'my-realm');
const app = new Koa();
app.use(async (ctx) => {
  // Check the Authorization header
  if (!(ctx.request.header.autorization && ctx.request.header.authorization.startsWith('Bearer '))) {
    // Authorization header is missing
    ctx.status = 401;
    return;
  }

  // Get the token from the Authorization header, skip 'Bearer ' prefix
  const token = ctx.request.header.authorization.substr(7);

  // decode the token without verification to have the kid value
  const kid = jwt.decode(token, { complete: true }).header.kid;

  // fetch the PEM Public Key
  const publicKey = await keyCloakCerts.fetch(kid);

  if (publicKey) {
    try {
      // Verify and decode the token
      const decoded = jwt.verify(token, publicKey);
      ctx.body = decoded;
    } catch (error) {
      // Token is not valid
      process.stderr.write(error.toString());
      ctx.status = 401;
    }
  } else {
    // KeyCloak has no Public Key for the specified KID
    ctx.status = 401;
  }
});
app.listen(3000);

Published

Vulnerabilities

Links

Maintainers

Keywords