Support async for multi tenant resolvers, fixes #125

src/guards/auth.guard.ts

@@ -84,7 +84,7 @@ export class AuthGuard implements CanActivate {
 
     this.logger.verbose(`User JWT: ${jwt}`);
 
-    const keycloak = useKeycloak(
+    const keycloak = await useKeycloak(
       request,
       jwt,
       this.singleTenant,

src/guards/resource.guard.ts

@@ -111,7 +111,7 @@ export class ResourceGuard implements CanActivate {
     const user = request.user?.preferred_username ?? 'user';
 
     const enforcerFn = createEnforcerContext(request, response, enforcerOpts);
-    const keycloak = useKeycloak(
+    const keycloak = await useKeycloak(
       request,
       request.accessTokenJWT,
       this.singleTenant,

src/guards/role.guard.ts

@@ -70,7 +70,7 @@ export class RoleGuard implements CanActivate {
     }
 
     // Create grant
-    const keycloak = useKeycloak(
+    const keycloak = await useKeycloak(
       request,
       request.accessTokenJWT,
       this.singleTenant,

src/interface/keycloak-connect-options.interface.ts

@@ -9,8 +9,8 @@ export type KeycloakConnectOptions = string | KeycloakConnectConfig;
  * Multi tenant configuration.
  */
 export interface MultiTenantOptions {
-  realmResolver: (request: any) => string;
-  realmSecretResolver?: (realm: string) => string;
+  realmResolver: (request: any) => Promise<string> | string;
+  realmSecretResolver?: (realm: string) => Promise<string> | string;
 }
 
 /**

src/services/keycloak-multitenant.service.ts

@@ -27,7 +27,7 @@ export class KeycloakMultiTenantService {
    * @param realm the realm to retrieve from
    * @returns the multi tenant keycloak instance
    */
-  get(realm: string): KeycloakConnect.Keycloak {
+  async get(realm: string): Promise<KeycloakConnect.Keycloak> {
     if (this.instances.has(realm)) {
       return this.instances.get(realm);
     } else {
@@ -36,11 +36,24 @@ export class KeycloakMultiTenantService {
           'Keycloak configuration is a configuration path. This should not happen after module load.',
         );
       }
+      if (
+        this.keycloakOpts.multiTenant === null ||
+        this.keycloakOpts.multiTenant === undefined
+      ) {
+        throw new Error(
+          'Multi tenant is not defined yet multi tenant service is being called.',
+        );
+      }
 
       // Resolve realm secret
-      const realmSecret = this.keycloakOpts.multiTenant?.realmSecretResolver?.(
+      const resolvedRealmSecret = this.keycloakOpts.multiTenant.realmSecretResolver(
         realm,
       );
+      const realmSecret =
+        resolvedRealmSecret || resolvedRealmSecret instanceof Promise
+          ? await resolvedRealmSecret
+          : resolvedRealmSecret;
+
       // Override secret
       // Order of priority: resolved realm secret > default global secret
       const secret = realmSecret || this.keycloakOpts.secret;

src/util.ts

@@ -7,20 +7,22 @@ type GqlContextType = 'graphql' | ContextType;
 
 // Confusing and all, but I needed to extract this fn to avoid more repeating code
 // TODO: Rework in 2.0
-export const useKeycloak = (
+export const useKeycloak = async (
   request: any,
   jwt: string,
   singleTenant: KeycloakConnect.Keycloak,
   multiTenant: KeycloakMultiTenantService,
   opts: KeycloakConnectConfig,
-): KeycloakConnect.Keycloak => {
+): Promise<KeycloakConnect.Keycloak> => {
   if (opts.multiTenant && opts.multiTenant.realmResolver) {
     const resolvedRealm = opts.multiTenant.realmResolver(request);
-    return multiTenant.get(resolvedRealm);
+    const realm =
+      resolvedRealm instanceof Promise ? await resolvedRealm : resolvedRealm;
+    return await multiTenant.get(realm);
   } else if (!opts.realm) {
     const payload = parseToken(jwt);
     const issuerRealm = payload.iss.split('/').pop();
-    return multiTenant.get(issuerRealm);
+    return await multiTenant.get(issuerRealm);
   }
   return singleTenant;
 };