Allow multiple auth-server-urls

[sebaspf]

Description

When using CNAMEs to point to the Keyclaok server, the JWT created has in the iss field the CNAME. As the KC Server can be react over both addresses, the auth-server-url field of the Config must take this into account. In the code line

keycloak-nodejs-connect/middleware/auth-utils/grant-manager.js

Line 427 in dd1c20f

} else if (token.content.iss !== this.realmUrl) {

the request will be rejected if they come form the CNAME URL of the URL the CNAME Points to.

Proposal
Type for backwards compatibility:

type auth_server_url_type: string | string[]

Usgage:

let iss = new URL(token.content.iss)
if ((typeof this.config.realmUrl) === "string") {
  // Use like until now
} else if (Array.isArray(this.config.realmUrl) {
  if (this.config.realmUrl.includes(iss.host) && (iss.pathname === ''/realms/' + this.config.realm) // Accept/Reject
} else {
  // Error (the Config class constructor should check this)
}

Discussion

No response

Motivation

No response

Details

No response

[sbabych]

Hi, pls take a look at #308
imo this is a correct approach for the multiple auth-server-urls.
Unfortunately it is already open for 2years at least