Skip to content

greenbone/keycloak-client-golang

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

262 Commits

.github

.github

 
 

auth

auth

 
 

client

client

 
 

.gitignore

.gitignore

 
 

.golangci.yml

.golangci.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

changelog.toml

changelog.toml

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

version.go

version.go

 
 

Repository files navigation

Greenbone Logo

GitHub releases

Golang Keycloak Client

This repository contains a reusable connector for Keycloak.

Authorization

See auth/example_test.go for example usage or snippet below:

import "github.com/greenbone/keycloak-client-golang/auth"

func main() {
    realmInfo := auth.KeycloakRealmInfo{
        RealmId:               "user-management",             // keycloak realm name
        AuthServerInternalUrl: "http://keycloak:8080/auth",   // keycloak server internal url
        AuthServerPublicUrl:   "http://localhost:28080/auth", // keycloak server public url (jwt issuer)
    }
    
    authorizer, err := auth.NewKeycloakAuthorizer(realmInfo)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak token authorizer: %w", err))
        return
    }

    authMiddleware, err := auth.NewGinAuthMiddleware(authorizer.ParseRequest)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak auth middleware: %w", err))
        return
    }

    gin.SetMode(gin.TestMode)
    router := gin.Default()
    router.Use(authMiddleware) // wire up auth middleware

    router.GET("/test", func(c *gin.Context) {
        userContext, err := auth.GetUserContext(c)
        if err != nil {
            _ = c.AbortWithError(http.StatusInternalServerError, err)
            return
        }

        c.String(http.StatusOK, fmt.Sprintf("%#v", userContext))
        // Output:
        //
        // &auth.UserContext{
        //     Realm: "user-management", 
        //     UserID: "1927ed8a-3f1f-4846-8433-db290ea5ff90", 
        //     UserName: "initial", 
        //     EmailAddress: "initial@host.local", 
        //     Roles: []string{""offline_access", "uma_authorization", "user", "default-roles-user-management"}, 
        //     Groups: []string{"user-management-initial"}, 
        //     AllowedOrigins: []string{"http://localhost:3000"},
        // }
    })
}

Steps:

  • create a realm info struct with realm id and keycloak internal url (inside docker/k8s) from environment variables,
  • create keycloak authorizer via auth.NewKeycloakAuthorizer and pass the realm info,
  • create gin middleware via auth.NewGinAuthMiddleware with ParseRequest method of the authorizer. It will check Authorization header for the bearer token and Origin header for an allowed origin. It will put decoded claims into gin context
  • wire up auth middleware to routes you decide
  • inside routes use auth.GetUserContext to get decoded token claims as a user context object from gin context

Maintainer

This project is maintained by Greenbone AG

Contributing

Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.

License

Copyright (C) 2020-2023 Greenbone AG

Licensed under the GNU General Public License v3.0 or later.

About

Reusable keycloak client for golang

Topics

go backend extended 3rdgen opensight opensight-asset

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

2 stars

Watchers

7 watching

Forks

0 forks
Report repository

Releases 8

keycloak-client-golang 0.2.0 Latest
Mar 12, 2024
+ 7 releases

Packages

No packages published

Contributors 9

Languages