An authorization strategy for Condor Auth Middleware.
Condor is a gRPC framework for Node. Condor Auth is an authorization middleware for Condor.
This module validates and decodes bearer tokens provided by Keycloak (Keycloak uses OpenID Connect), and maps the realm and resource roles that come in the JWT created by Keycloak.
```bash
npm i --save condor-framework condor-auth condor-auth-keycloak
```
First, you will need to create a client in Keycloak. Then you just need to add Keycloak as a middleware in your Condor server.
For the authorization to work, the caller must include the `authorization` metadata, containing a valid access token (JWT) created by Keycloak.
```js
const Condor = require('condor-framework');
const Auth = require('condor-auth').Auth;
const KeycloakStrategy = require('condor-auth-keycloak').Strategy;
const Greeter = require('./greeter');

// With no options, the strategy reads its configuration from keycloak.json
const strategy = new KeycloakStrategy(/* keycloak-options */);
const auth = new Auth(strategy);

// Register the auth middleware so every call is checked before reaching the service
const app = new Condor()
  .addService('./protos/greeter.proto', 'myapp.Greeter', new Greeter())
  .use(auth.middleware)
  .start();
```
By default, when no options are passed, it will try to read the configuration from `keycloak.json`.

The `keycloak.json` can be obtained from Keycloak, and should look like this:
```json
{
  "realm": "demo",
  "bearer-only": true,
  "auth-server-url": "http://localhost:8180/auth",
  "ssl-required": "none",
  "resource": "node-service"
}
```
To configure access rules, see the condor-auth documentation.
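
As an added illustration (not condor-auth-keycloak's own code), the sketch below shows the kind of check described above for the `authorization` metadata: verify the token's RS256 signature, issuer and expiry, then read realm roles from `realm_access.roles` and resource roles from `resource_access[<resource>].roles`. It assumes a `Bearer ` prefix, an issuer of the form `<auth-server-url>/realms/<realm>`, and a throwaway key pair in place of the realm key; `verifyAndMapRoles` and `signSample` are hypothetical names.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Illustrative check, not condor-auth-keycloak's internals: verify an RS256
// bearer token against the realm public key, then map Keycloak's role claims.
function verifyAndMapRoles(authorization, publicKey, { issuer, resource, now = Date.now() / 1000 }) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!match) throw new Error('missing or malformed bearer token');
  const [, head, body, sig] = match;
  // Pin the algorithm instead of trusting the token header to choose it.
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (claims.iss !== issuer) throw new Error('unexpected issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  const resourceAccess = (claims.resource_access || {})[resource] || {};
  return {
    realm: (claims.realm_access || {}).roles || [],
    resource: resourceAccess.roles || [],
  };
}

// Constructed sample: a throwaway key pair stands in for the realm's signing key.
function signSample(claims, privateKey, alg = 'RS256') {
  const head = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${head}.${b64u(crypto.sign('RSA-SHA256', Buffer.from(head), privateKey))}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Assumed issuer form: <auth-server-url>/realms/<realm>, from the sample keycloak.json.
const opts = { issuer: 'http://localhost:8180/auth/realms/demo', resource: 'node-service' };
const sampleClaims = {
  iss: opts.issuer,
  exp: Math.floor(Date.now() / 1000) + 300,
  realm_access: { roles: ['user'] },
  resource_access: { 'node-service': { roles: ['greeter-admin'] } },
};
const sampleToken = signSample(sampleClaims, privateKey);
console.log(verifyAndMapRoles(`Bearer ${sampleToken}`, publicKey, opts));
```
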
All values are optional. Their default values are:
| Option | Description | Default |
|---|---|---|
| `configFile` | The path to the configuration file | `keycloak.json` |
MIT License. Copyright 2017 by Devsu LLC, a great microservices development team