From c867cb0a49faa7b70af465f7459f5a9865b84f6b Mon Sep 17 00:00:00 2001 From: vzakharchenko Date: Wed, 7 Jul 2021 14:08:30 +0300 Subject: [PATCH] Custom Storage --- .github/workflows/nodejs.yml | 9 + README.md | 2 + examples/README.md | 1 + examples/customStorageExample/README.md | 84 + .../customStorage/index.ts | 39 + .../customStorage/package.json | 30 + .../customStorage/tsconfig.json | 74 + .../development/.eslintignore | 2 + .../development/.eslintrc | 36 + .../development/ApiConfig.json | 23 + .../development/README.md | 24 + .../development/craco.config.js | 26 + .../development/package.json | 53 + .../development/public/index.html | 9 + .../development/public/public/index.html | 8 + .../development/server.crt | 22 + .../development/server.key | 28 + .../development/src/App.tsx | 68 + .../development/src/index.tsx | 10 + .../development/src/react-app-env.d.ts | 1 + .../development/src/restCalls.ts | 27 + .../development/tsconfig.json | 26 + .../example-realm-export.json | 2161 +++++++++++++++++ .../production/.eslintignore | 2 + .../customStorageExample/production/.eslintrc | 38 + .../production/keycloak-lambda-cdk/cdk.json | 4 + .../production/keycloak-lambda-cdk/deploy.sh | 93 + .../production/keycloak-lambda-cdk/index.js | 126 + .../keycloak-lambda-cdk/package.json | 19 + .../customStorageExample/production/lambda.js | 17 + .../production/package.json | 67 + .../customStorageExample/production/server.js | 24 + .../production/webpack.config.babel.js | 96 + .../reactJSExample/development/ApiConfig.json | 24 +- examples/reactJSExample/production/server.js | 2 +- package.json | 24 +- src/handlers/TokenPageHandler.ts | 1 + src/session/SessionManager.ts | 32 +- 38 files changed, 3292 insertions(+), 40 deletions(-) create mode 100644 examples/customStorageExample/README.md create mode 100644 examples/customStorageExample/customStorage/index.ts create mode 100644 examples/customStorageExample/customStorage/package.json create mode 100644 examples/customStorageExample/customStorage/tsconfig.json create mode 100644 examples/customStorageExample/development/.eslintignore create mode 100644 examples/customStorageExample/development/.eslintrc create mode 100644 examples/customStorageExample/development/ApiConfig.json create mode 100644 examples/customStorageExample/development/README.md create mode 100644 examples/customStorageExample/development/craco.config.js create mode 100644 examples/customStorageExample/development/package.json create mode 100644 examples/customStorageExample/development/public/index.html create mode 100644 examples/customStorageExample/development/public/public/index.html create mode 100644 examples/customStorageExample/development/server.crt create mode 100644 examples/customStorageExample/development/server.key create mode 100644 examples/customStorageExample/development/src/App.tsx create mode 100644 examples/customStorageExample/development/src/index.tsx create mode 100644 examples/customStorageExample/development/src/react-app-env.d.ts create mode 100644 examples/customStorageExample/development/src/restCalls.ts create mode 100644 examples/customStorageExample/development/tsconfig.json create mode 100644 examples/customStorageExample/example-realm-export.json create mode 100644 examples/customStorageExample/production/.eslintignore create mode 100644 examples/customStorageExample/production/.eslintrc create mode 100644 examples/customStorageExample/production/keycloak-lambda-cdk/cdk.json create mode 100755 examples/customStorageExample/production/keycloak-lambda-cdk/deploy.sh create mode 100644 examples/customStorageExample/production/keycloak-lambda-cdk/index.js create mode 100644 examples/customStorageExample/production/keycloak-lambda-cdk/package.json create mode 100644 examples/customStorageExample/production/lambda.js create mode 100644 examples/customStorageExample/production/package.json create mode 100644 examples/customStorageExample/production/server.js create mode 100644 examples/customStorageExample/production/webpack.config.babel.js diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 3184e19..f4f302f 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -53,3 +53,12 @@ jobs: - run: cd examples/crossTenantReactJSExample/production && npm run build - run: cd examples/crossTenantReactJSExample/tenantSelectorApp && npm i - run: cd examples/crossTenantReactJSExample/tenantSelectorApp && npm run lint + - run: cd examples/customStorageExample/customStorage && npm i + - run: cd examples/customStorageExample/customStorage && npm run lint + - run: cd examples/customStorageExample/customStorage && npm run build + - run: cd examples/customStorageExample/development && npm i + - run: cd examples/customStorageExample/development && npm run lint + - run: cd examples/customStorageExample/development && npm run build + - run: cd examples/customStorageExample/production && npm i + - run: cd examples/customStorageExample/production && npm run lint + - run: cd examples/customStorageExample/production && npm run build diff --git a/README.md b/README.md index 626bf25..c10dd09 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Login flow gateway through [Keycloak](https://www.keycloak.org/) for static Web - [Single Tenant ReactJS Application](./examples/reactJSExample) - [Multi-tenant ReactJS Application with Tenant selector](./examples/multiTenantReactJSExample) - [Cross-tenant ReactJS Application with Tenant selector and approval proccess](./examples/crossTenantReactJSExample) +- [Custom Storage example](./examples/customStorageExample) # Installation @@ -204,6 +205,7 @@ where - **storageType** place where store session data(user access and refresh tokens) - DynamoDB store in AWS DynamoDB - InMemoryDB store in file + - own implementation of StorageDB ([example](./examples/customStorageExample)) - **identityProviders** Identity Provider Alias name. - multiTenant - Identity Provider for Multitenant application. need use the same alias name between tenants. can be overridden by request parameter kc_idp_hint - singleTenant - Identity Provider for application. diff --git a/examples/README.md b/examples/README.md index da828be..3d249fb 100644 --- a/examples/README.md +++ b/examples/README.md @@ -2,3 +2,4 @@ - [Single Tenant ReactJS Application](./reactJSExample) - [Multi-tenant ReactJS Application with Tenant selector](./multiTenantReactJSExample) - [Cross-tenant ReactJS Application with Tenant selector and approval proccess](./crossTenantReactJSExample) +- [Custom Storage example](./customStorageExample) diff --git a/examples/customStorageExample/README.md b/examples/customStorageExample/README.md new file mode 100644 index 0000000..d5671f6 --- /dev/null +++ b/examples/customStorageExample/README.md @@ -0,0 +1,84 @@ +# Example of custom storage + +## Development + +1. **Run Docker** +Using the image from https://hub.docker.com/r/jboss/keycloak/ +``` +docker run -p 8090:8080 -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -v `pwd`:/express -e KEYCLOAK_IMPORT=/express/example-realm-export.json jboss/keycloak +``` + +2. **Run localhost development server** +```bash +cd development +npm i +npm run start +``` +users: + +| User | Password | +|:----------|:-----------| +| user | user | + +## Deploy production package to Lambda@Edge + +1. **build custom storage** +``` +cd customStorage +npm i +npm run build +``` +2. **Prepare frontend static resources** +```bash +cd development +npm i +npm run build +``` +3. **Build Lambda@Edge package** +``` +cd production +npm i +npm run build +``` +4. **Run Keycloak docker image accessible from the Internet** +``` +docker run -p 8090:8080 -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -v `pwd`:/express -e KEYCLOAK_IMPORT=/express/example-realm-export.json jboss/keycloak +ngrok http 8090 +``` + +5. **Run CDK Deploy Script** +``` +cd production/keycloak-lambda-cdk +npm i +./deploy.sh -n -r --keycloakUrl https://834d39e42544.ngrok.io --profile +``` + +users: + +| User | Password | +|:----------|:-----------| +| user | user | + +# Run as ExpressJS Server: + +```bash +cd customStorage +npm i +npm run build + +cd ../development +npm i +npm run build + +cd ../production +npm i +npm run build +cd dist/server +node server.js +``` + +users: + +| User | Password | +|:----------|:-----------| +| user | user | diff --git a/examples/customStorageExample/customStorage/index.ts b/examples/customStorageExample/customStorage/index.ts new file mode 100644 index 0000000..2fe0ef8 --- /dev/null +++ b/examples/customStorageExample/customStorage/index.ts @@ -0,0 +1,39 @@ +import {StrorageDB, StrorageDBType} from 'keycloak-api-gateway/dist/src/session/storage/Strorage'; + +type InMemoryType = { + [key: string]: StrorageDBType +} + + +export class CustomStorageDB implements StrorageDB { + + private inMemory: InMemoryType = {}; + + async deleteSession(sessionId: string): Promise { + delete this.inMemory[sessionId]; + } + + async getSessionIfExists(sessionId: string): Promise { + return this.inMemory[sessionId]; + } + + async saveSession(sessionId: string, keycloakSession: string, exp: number, email: string, externalToken: any): Promise { + this.inMemory[sessionId] = { + session: sessionId, + exp, + keycloakSession, + email, + externalToken, + }; + } + + async updateSession(sessionId: string, email: string, externalToken: any): Promise { + const sessionObject = this.inMemory[sessionId]; + if (sessionObject) { + sessionObject.externalToken = externalToken; + } else { + throw new Error("Session Does not Exists"); + } + } + +} diff --git a/examples/customStorageExample/customStorage/package.json b/examples/customStorageExample/customStorage/package.json new file mode 100644 index 0000000..ed1715a --- /dev/null +++ b/examples/customStorageExample/customStorage/package.json @@ -0,0 +1,30 @@ +{ + "name": "customstorage", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "lint": "eslint --ext .ts index.ts", + "lint:fix": "eslint --fix index.ts --ext .ts", + "build": "tsc --build" + }, + "dependencies": { + "keycloak-api-gateway": "../../.." + }, + "devDependencies": { + "@shopify/eslint-plugin": "^40.3.0", + "@types/cookie": "^0.4.1", + "@types/cookie-parser": "^1.4.2", + "@types/jest": "^26.0.24", + "@types/jsonwebtoken": "^8.5.4", + "@types/uuid": "^8.3.1", + "@typescript-eslint/eslint-plugin": "^4.28.2", + "@typescript-eslint/parser": "^4.28.2", + "coveralls": "^3.1.1", + "eslint": "^7.30.0", + "eslint-plugin-no-loops": "^0.3.0", + "typescript": "^4.3.5" + }, + "author": "", + "license": "ISC" +} diff --git a/examples/customStorageExample/customStorage/tsconfig.json b/examples/customStorageExample/customStorage/tsconfig.json new file mode 100644 index 0000000..b217ea4 --- /dev/null +++ b/examples/customStorageExample/customStorage/tsconfig.json @@ -0,0 +1,74 @@ +{ + "compilerOptions": { + /* Visit https://aka.ms/tsconfig.json to read more about this file */ + /* Basic Options */ + // "incremental": true, /* Enable incremental compilation */ + "target": "ES2015", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', 'ES2021', or 'ESNEXT'. */ + "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', 'es2020', or 'ESNext'. */ + // "lib": [], /* Specify library files to be included in the compilation. */ + // "allowJs": true, /* Allow javascript files to be compiled. */ + // "checkJs": true, /* Report errors in .js files. */ + // "jsx": "preserve", /* Specify JSX code generation: 'preserve', 'react-native', 'react', 'react-jsx' or 'react-jsxdev'. */ + "declaration": true, /* Generates corresponding '.d.ts' file. */ + "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */ + "sourceMap": true, /* Generates corresponding '.map' file. */ + // "outFile": "./", /* Concatenate and emit output to single file. */ + "outDir": "./dist", /* Redirect output structure to the directory. */ + // "rootDir": "./", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */ + // "composite": true, /* Enable project compilation */ + // "tsBuildInfoFile": "./", /* Specify file to store incremental compilation information */ + // "removeComments": true, /* Do not emit comments to output. */ + // "noEmit": true, /* Do not emit outputs. */ + // "importHelpers": true, /* Import emit helpers from 'tslib'. */ + // "downlevelIteration": true, /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */ + // "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */ + + /* Strict Type-Checking Options */ + "strict": true, /* Enable all strict type-checking options. */ + // "noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */ + // "strictNullChecks": true, /* Enable strict null checks. */ + // "strictFunctionTypes": true, /* Enable strict checking of function types. */ + // "strictBindCallApply": true, /* Enable strict 'bind', 'call', and 'apply' methods on functions. */ + // "strictPropertyInitialization": true, /* Enable strict checking of property initialization in classes. */ + // "noImplicitThis": true, /* Raise error on 'this' expressions with an implied 'any' type. */ + // "alwaysStrict": true, /* Parse in strict mode and emit "use strict" for each source file. */ + + /* Additional Checks */ + // "noUnusedLocals": true, /* Report errors on unused locals. */ + // "noUnusedParameters": true, /* Report errors on unused parameters. */ + // "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */ + // "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */ + // "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */ + // "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an 'override' modifier. */ + // "noPropertyAccessFromIndexSignature": true, /* Require undeclared properties from index signatures to use element accesses. */ + + /* Module Resolution Options */ + // "moduleResolution": "node", /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */ + // "baseUrl": "./", /* Base directory to resolve non-absolute module names. */ + // "paths": {}, /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */ + // "rootDirs": [], /* List of root folders whose combined content represents the structure of the project at runtime. */ + // "typeRoots": [], /* List of folders to include type definitions from. */ + "types": ["jest", "node"], /* Type declaration files to be included in compilation. */ + // "allowSyntheticDefaultImports": true, /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */ + "esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */ + // "preserveSymlinks": true, /* Do not resolve the real path of symlinks. */ + // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ + + /* Source Map Options */ + // "sourceRoot": "", /* Specify the location where debugger should locate TypeScript files instead of source locations. */ + // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */ + // "inlineSourceMap": true, /* Emit a single file with source maps instead of having a separate file. */ + // "inlineSources": true, /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */ + + /* Experimental Options */ + // "experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */ + // "emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */ + + /* Advanced Options */ + "skipLibCheck": true, /* Skip type checking of declaration files. */ + "forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */ + }, + "exclude": [ + "examples", + ] +} diff --git a/examples/customStorageExample/development/.eslintignore b/examples/customStorageExample/development/.eslintignore new file mode 100644 index 0000000..dd87e2d --- /dev/null +++ b/examples/customStorageExample/development/.eslintignore @@ -0,0 +1,2 @@ +node_modules +build diff --git a/examples/customStorageExample/development/.eslintrc b/examples/customStorageExample/development/.eslintrc new file mode 100644 index 0000000..2623374 --- /dev/null +++ b/examples/customStorageExample/development/.eslintrc @@ -0,0 +1,36 @@ +{ + "root": true, + "parser": "@typescript-eslint/parser", + "plugins": [ + "@typescript-eslint", + "no-loops" + ], + "extends": [ + "eslint:recommended", + "plugin:@typescript-eslint/eslint-recommended", + "plugin:@typescript-eslint/recommended", + "plugin:@shopify/esnext" + ], + "settings": { + "import/resolver": { + "node": { + "extensions": [ + ".js", + ".jsx", + ".ts", + ".tsx" + ] + } + } + }, + "rules": { + "no-undef": 0, + "no-process-env": 0, + "no-unused-vars": 0, + "require-await": 0, + "@typescript-eslint/no-explicit-any": 0, + "id-length": 0, + "@typescript-eslint/explicit-module-boundary-types": 0, + "@typescript-eslint/no-var-requires": 0 + } +} diff --git a/examples/customStorageExample/development/ApiConfig.json b/examples/customStorageExample/development/ApiConfig.json new file mode 100644 index 0000000..2e88ce0 --- /dev/null +++ b/examples/customStorageExample/development/ApiConfig.json @@ -0,0 +1,23 @@ +{ + "defaultAdapterOptions": { + "keycloakJson": { + "realm": "express-example", + "auth-server-url": "http://localhost:8090/auth/", + "ssl-required": "external", + "resource": "express-example", + "credentials": { + "secret": "express-example" + }, + "use-resource-role-mappings": true, + "confidential-port": 0 + } + }, + "keys": { + "privateKey": { + "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD40tysViQSnd3E\nIe5+6hDM/7ixHND8UoxYAKWwnA2/PdH2lq/pzjOo1t1Jt6ZbZx2l3cNUDt7FQXHL\nvZeEn0w75/LVe/gIeoKJIUTWrXyVOrrPn50oWiaKX5pnMCLWUwk1usRwnP7o26SH\nURTebSfBI7kQfh22aiv68qgGvo4lMWISVrWNCNej4oItLafRzvgBBD7GvJhqvPIW\nTMFyqDzGRtVk8nYi9x3Wwp72eUW9aY/j/akPTLdU5a+uAjlQYDrPa0wkg+/2KIhx\nGD/ffyggjvUaopzOEbnNGyBVXiOS3rQwwQnXNq+ip0xVecYVDJBlpOdQAxE77fUl\nRrw5DzKtAgMBAAECggEASLuyf7nKX5q/2XYltfmLobDadwM6X5dtqMe/pylmp1FV\nz6PqlgiNdzwfgU3qletFclepoieanMRtlCW+Zaj+6r/5bsgHD8tn3tfXvH0H3sNF\nGi3JDaOUgnxBsQoUFNw+4/LNOzHZHY4ewONFm2MC7OUZUqXa35iXdIp77UTEXkBG\nn4QdMraDW1DJUCx8nlUXHPntFN1AJANnx92Nsg6ZbhQrRRH4Lw8ydnUa3bN+Cy12\n9secVwo2RVS8slJgW21UpkVKEdUxe0VIL2++0trMokGK219AwlQV86hzEDmVUum2\nRIR3S0eknzvkJKspYc0tVvy/1uWnZggeJ+mNo1w4DQKBgQD/jpEpcdYJ9tHtBI3L\ne8s2Q4QLqdVPScS5dMDCw0aE6+CQoDSr0l37tHy5hxPJT+WalhyLCvPVtj0H97NP\nZLAoF/pgARpd3qhPM90R7/h7HgqxW/y+n1Qt/bAG+sR6n8LCcriYU+/PeUp1ugSW\nAYipqpexeRHhbwAI6pAWBj9ZXwKBgQD5QU5q6gnzdM20WVzp3K4eevpaOt9w/OUW\neI6o9wgVkvAo0p9irq8OM1SQlL3w3cX/YHktG9iF5oNRW6M2p7aKN1d5ZlUDhr1k\n/ogbtqg2CTWUikac4cUlZcour589DExlpvVL3zQda5/L7Cr0RrBmKRjMb1fyPXsy\nWJIllAgTcwKBgQDta7AlBuNJQotpXe+1+f6jHTqR82h/TxN7EKL8zpq3ZsSs2InW\nj4xNCjNN0dZqEtZHNeqyqqw6AiLVQiTOP8cAmLY9dwjd6LwJSS+7OGxrRU+90q4P\nEssMJ0HgWh0rpz0zlY01x9VltVOd6AHWsvoaVqizcr1P6OXpYrIWJBu6lQKBgQDS\n5isP048v67jRzHsNdafuKmgCSKYe2ByOcttipAK3HmkOYYhy2xNLlKsM2o4Ma9nI\nRzzAqjr+sRiTklH7QNT3BfSBx9BO94bxGVzY9ihF8Gzhjk5JF87T4di8v+SgpvNN\nX4NV+zoBWrsOtHlzzwwapNNSxzNGyDahVsfx+9sJeQKBgFuvm70VulN5Rd4TMcF2\nWixQNHEDStWBWPTa15ehDRIvxqfGZCkuY5o9tGY1vHxnpiHhqVheyRtLuHI6j5b3\nil3T5+cXdt1MnmkXUksqwgwcJdMqI5fmcuO9vdeYuGV4MoXysBdKMhqPybcVIonT\n5coMCbW92hodfPZ3F93PQpJU\n-----END PRIVATE KEY-----\n" + }, + "publicKey": { + "key": "-----BEGIN CERTIFICATE-----\nMIIDjzCCAnegAwIBAgIUNC48rSIoaMJC9YAcJ/MnfQcBmDgwDQYJKoZIhvcNAQEL\nBQAwVjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By\naW5nZmllbGQxDDAKBgNVBAoMA0RpczESMBAGA1UEAwwJZGV2c2VydmVyMCAXDTIx\nMDYwNzIwMTQzOVoYDzIxMjEwNTE0MjAxNDM5WjBWMQswCQYDVQQGEwJVUzEPMA0G\nA1UECAwGRGVuaWFsMRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlz\nMRIwEAYDVQQDDAlkZXZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQD40tysViQSnd3EIe5+6hDM/7ixHND8UoxYAKWwnA2/PdH2lq/pzjOo1t1J\nt6ZbZx2l3cNUDt7FQXHLvZeEn0w75/LVe/gIeoKJIUTWrXyVOrrPn50oWiaKX5pn\nMCLWUwk1usRwnP7o26SHURTebSfBI7kQfh22aiv68qgGvo4lMWISVrWNCNej4oIt\nLafRzvgBBD7GvJhqvPIWTMFyqDzGRtVk8nYi9x3Wwp72eUW9aY/j/akPTLdU5a+u\nAjlQYDrPa0wkg+/2KIhxGD/ffyggjvUaopzOEbnNGyBVXiOS3rQwwQnXNq+ip0xV\necYVDJBlpOdQAxE77fUlRrw5DzKtAgMBAAGjUzBRMB0GA1UdDgQWBBRJRP2WG0uR\nvDPnSRmV6Y8Rxu6ErDAfBgNVHSMEGDAWgBRJRP2WG0uRvDPnSRmV6Y8Rxu6ErDAP\nBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDhKnZDt5VwTroWcTtX\nLSqIDtLLHiZxk6PIE8X9DG+rU//4Rfd+MFHClcKWiyLgYZPdgPaXSDXPiyfxlb7v\njOA0F0PXbEpR/RmjM5A+x3gljSufrWgedEC6rFFEg5Ju1IY+/7nJYkvd3ICMiLB3\ngOczMEp/tI7m89DS+bJAGG8AIYeBjj+3OjuGdEFtXpkt1ri33LYC4wK+rjqkBMyi\njqwex5bEkloSuyWP/IIDa8OpBWUM17H9ZswG74kQr5/wsvvTxc/JvRmMtNrbUyKa\n2JKXA1IJgNPP4/v2FxiGTibidZVf0fyXVqarU5Ngj/fVQyn7EBg+VGqPintiL5xU\ngUsi\n-----END CERTIFICATE-----\n" + } + } +} diff --git a/examples/customStorageExample/development/README.md b/examples/customStorageExample/development/README.md new file mode 100644 index 0000000..d5c85ff --- /dev/null +++ b/examples/customStorageExample/development/README.md @@ -0,0 +1,24 @@ +# ReactJs FrontEnd Environment for development + +1. **Run Docker** +Using the image from https://hub.docker.com/r/jboss/keycloak/ +``` + cd .. +docker run -p 8090:8080 -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -v `pwd`:/express -e KEYCLOAK_IMPORT=/express/example-realm-export.json jboss/keycloak +``` + +2. **Run localhost development server** +```bash +npm i +npm run start +``` + +## 4. Open UI +[http://localhost:3000](http://localhost:3000) + +users: + +| User | Password | +|:----------|:-----------| +| user | user | + diff --git a/examples/customStorageExample/development/craco.config.js b/examples/customStorageExample/development/craco.config.js new file mode 100644 index 0000000..9d6ef7e --- /dev/null +++ b/examples/customStorageExample/development/craco.config.js @@ -0,0 +1,26 @@ +const {CustomStorageDB} = require("customstorage/dist"); + +const adapter = require('keycloak-api-gateway/dist/index'); +const fs = require('fs'); + +const options = JSON.parse(fs.readFileSync('./ApiConfig.json', 'utf-8')); +options.storageType=new CustomStorageDB(); +const keycloakApiGateWayAdapter = new adapter.KeycloakApiGateWayAdapter( + options +); + + +module.exports = { + webpack: { + configure: (webpackConfig, {env, paths}) => { + webpackConfig.devServer = {}; + keycloakApiGateWayAdapter.webPackDevServerMiddleWare(webpackConfig.devServer); + return webpackConfig; + } + }, + devServer: (devServerConfig) => { + keycloakApiGateWayAdapter.webPackDevServerMiddleWare().applyMiddleWare(devServerConfig); + return devServerConfig; + }, + keycloakApiGateWayAdapter +}; diff --git a/examples/customStorageExample/development/package.json b/examples/customStorageExample/development/package.json new file mode 100644 index 0000000..07e157b --- /dev/null +++ b/examples/customStorageExample/development/package.json @@ -0,0 +1,53 @@ +{ + "name": "devserverexample", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "start": "SKIP_PREFLIGHT_CHECK=true craco start", + "build": "SKIP_PREFLIGHT_CHECK=true craco build", + "lint": "eslint src --ext .tsx src", + "lint:fix": "eslint --fix src --ext .tsx" + }, + "author": "", + "license": "ISC", + "dependencies": { + "antd": "^4.16.6", + "axios": "^0.21.1", + "jsonwebtoken": "^8.5.1", + "react": "^17.0.2", + "react-dom": "^17.0.2", + "customstorage": "../customStorage" + }, + "devDependencies": { + "@craco/craco": "^6.2.0", + "@types/jsonwebtoken": "^8.5.4", + "@types/react": "^17.0.13", + "@types/react-dom": "^17.0.8", + "body-parser": "^1.19.0", + "keycloak-api-gateway": "../../..", + "cookie": "^0.4.1", + "cookie-parser": "^1.4.5", + "express": "^4.17.1", + "express-session": "^1.17.2", + "parcel-bundler": "^1.12.5", + "typescript": "^4.3.5", + "webpack-manifest-plugin": "^3.1.1", + "@shopify/eslint-plugin": "^40.3.0", + "@typescript-eslint/parser": "^4.28.2", + "eslint": "^7.30.0", + "eslint-plugin-no-loops": "^0.3.0" + }, + "browserslist": { + "production": [ + ">0.2%", + "not dead", + "not op_mini all" + ], + "development": [ + "last 1 chrome version", + "last 1 firefox version", + "last 1 safari version" + ] + } +} diff --git a/examples/customStorageExample/development/public/index.html b/examples/customStorageExample/development/public/index.html new file mode 100644 index 0000000..0adb5e3 --- /dev/null +++ b/examples/customStorageExample/development/public/index.html @@ -0,0 +1,9 @@ + + + + + + +
+ + diff --git a/examples/customStorageExample/development/public/public/index.html b/examples/customStorageExample/development/public/public/index.html new file mode 100644 index 0000000..0986a34 --- /dev/null +++ b/examples/customStorageExample/development/public/public/index.html @@ -0,0 +1,8 @@ + + + + + +

Public Access

+ + diff --git a/examples/customStorageExample/development/server.crt b/examples/customStorageExample/development/server.crt new file mode 100644 index 0000000..7ab09bd --- /dev/null +++ b/examples/customStorageExample/development/server.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIUNC48rSIoaMJC9YAcJ/MnfQcBmDgwDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By +aW5nZmllbGQxDDAKBgNVBAoMA0RpczESMBAGA1UEAwwJZGV2c2VydmVyMCAXDTIx +MDYwNzIwMTQzOVoYDzIxMjEwNTE0MjAxNDM5WjBWMQswCQYDVQQGEwJVUzEPMA0G +A1UECAwGRGVuaWFsMRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlz +MRIwEAYDVQQDDAlkZXZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQD40tysViQSnd3EIe5+6hDM/7ixHND8UoxYAKWwnA2/PdH2lq/pzjOo1t1J +t6ZbZx2l3cNUDt7FQXHLvZeEn0w75/LVe/gIeoKJIUTWrXyVOrrPn50oWiaKX5pn +MCLWUwk1usRwnP7o26SHURTebSfBI7kQfh22aiv68qgGvo4lMWISVrWNCNej4oIt +LafRzvgBBD7GvJhqvPIWTMFyqDzGRtVk8nYi9x3Wwp72eUW9aY/j/akPTLdU5a+u +AjlQYDrPa0wkg+/2KIhxGD/ffyggjvUaopzOEbnNGyBVXiOS3rQwwQnXNq+ip0xV +ecYVDJBlpOdQAxE77fUlRrw5DzKtAgMBAAGjUzBRMB0GA1UdDgQWBBRJRP2WG0uR +vDPnSRmV6Y8Rxu6ErDAfBgNVHSMEGDAWgBRJRP2WG0uRvDPnSRmV6Y8Rxu6ErDAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDhKnZDt5VwTroWcTtX +LSqIDtLLHiZxk6PIE8X9DG+rU//4Rfd+MFHClcKWiyLgYZPdgPaXSDXPiyfxlb7v +jOA0F0PXbEpR/RmjM5A+x3gljSufrWgedEC6rFFEg5Ju1IY+/7nJYkvd3ICMiLB3 +gOczMEp/tI7m89DS+bJAGG8AIYeBjj+3OjuGdEFtXpkt1ri33LYC4wK+rjqkBMyi +jqwex5bEkloSuyWP/IIDa8OpBWUM17H9ZswG74kQr5/wsvvTxc/JvRmMtNrbUyKa +2JKXA1IJgNPP4/v2FxiGTibidZVf0fyXVqarU5Ngj/fVQyn7EBg+VGqPintiL5xU +gUsi +-----END CERTIFICATE----- diff --git a/examples/customStorageExample/development/server.key b/examples/customStorageExample/development/server.key new file mode 100644 index 0000000..fa1be60 --- /dev/null +++ b/examples/customStorageExample/development/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD40tysViQSnd3E +Ie5+6hDM/7ixHND8UoxYAKWwnA2/PdH2lq/pzjOo1t1Jt6ZbZx2l3cNUDt7FQXHL +vZeEn0w75/LVe/gIeoKJIUTWrXyVOrrPn50oWiaKX5pnMCLWUwk1usRwnP7o26SH +URTebSfBI7kQfh22aiv68qgGvo4lMWISVrWNCNej4oItLafRzvgBBD7GvJhqvPIW +TMFyqDzGRtVk8nYi9x3Wwp72eUW9aY/j/akPTLdU5a+uAjlQYDrPa0wkg+/2KIhx +GD/ffyggjvUaopzOEbnNGyBVXiOS3rQwwQnXNq+ip0xVecYVDJBlpOdQAxE77fUl +Rrw5DzKtAgMBAAECggEASLuyf7nKX5q/2XYltfmLobDadwM6X5dtqMe/pylmp1FV +z6PqlgiNdzwfgU3qletFclepoieanMRtlCW+Zaj+6r/5bsgHD8tn3tfXvH0H3sNF +Gi3JDaOUgnxBsQoUFNw+4/LNOzHZHY4ewONFm2MC7OUZUqXa35iXdIp77UTEXkBG +n4QdMraDW1DJUCx8nlUXHPntFN1AJANnx92Nsg6ZbhQrRRH4Lw8ydnUa3bN+Cy12 +9secVwo2RVS8slJgW21UpkVKEdUxe0VIL2++0trMokGK219AwlQV86hzEDmVUum2 +RIR3S0eknzvkJKspYc0tVvy/1uWnZggeJ+mNo1w4DQKBgQD/jpEpcdYJ9tHtBI3L +e8s2Q4QLqdVPScS5dMDCw0aE6+CQoDSr0l37tHy5hxPJT+WalhyLCvPVtj0H97NP +ZLAoF/pgARpd3qhPM90R7/h7HgqxW/y+n1Qt/bAG+sR6n8LCcriYU+/PeUp1ugSW +AYipqpexeRHhbwAI6pAWBj9ZXwKBgQD5QU5q6gnzdM20WVzp3K4eevpaOt9w/OUW +eI6o9wgVkvAo0p9irq8OM1SQlL3w3cX/YHktG9iF5oNRW6M2p7aKN1d5ZlUDhr1k +/ogbtqg2CTWUikac4cUlZcour589DExlpvVL3zQda5/L7Cr0RrBmKRjMb1fyPXsy +WJIllAgTcwKBgQDta7AlBuNJQotpXe+1+f6jHTqR82h/TxN7EKL8zpq3ZsSs2InW +j4xNCjNN0dZqEtZHNeqyqqw6AiLVQiTOP8cAmLY9dwjd6LwJSS+7OGxrRU+90q4P +EssMJ0HgWh0rpz0zlY01x9VltVOd6AHWsvoaVqizcr1P6OXpYrIWJBu6lQKBgQDS +5isP048v67jRzHsNdafuKmgCSKYe2ByOcttipAK3HmkOYYhy2xNLlKsM2o4Ma9nI +RzzAqjr+sRiTklH7QNT3BfSBx9BO94bxGVzY9ihF8Gzhjk5JF87T4di8v+SgpvNN +X4NV+zoBWrsOtHlzzwwapNNSxzNGyDahVsfx+9sJeQKBgFuvm70VulN5Rd4TMcF2 +WixQNHEDStWBWPTa15ehDRIvxqfGZCkuY5o9tGY1vHxnpiHhqVheyRtLuHI6j5b3 +il3T5+cXdt1MnmkXUksqwgwcJdMqI5fmcuO9vdeYuGV4MoXysBdKMhqPybcVIonT +5coMCbW92hodfPZ3F93PQpJU +-----END PRIVATE KEY----- diff --git a/examples/customStorageExample/development/src/App.tsx b/examples/customStorageExample/development/src/App.tsx new file mode 100644 index 0000000..ee4bb95 --- /dev/null +++ b/examples/customStorageExample/development/src/App.tsx @@ -0,0 +1,68 @@ +import {decode} from "jsonwebtoken"; +import {Card, Spin, Typography} from "antd"; +import Title from "antd/es/typography/Title"; +import Paragraph from "antd/es/typography/Paragraph"; +// eslint-disable-next-line no-use-before-define +import * as React from 'react'; + +import {fetchData} from "./restCalls"; + + +export default class App extends React.Component { + state = { + loading: true, + token: { + email: "", + name: "", + // eslint-disable-next-line babel/camelcase + preferred_username: "", + }, + jwt: '', + }; + + async componentDidMount() { + try { + this.setState({ + loading: true, + }); + const tokenString = await fetchData('/token', 'GET', {}); + const accessToken = JSON.parse(tokenString).activeToken; + this.state.jwt = accessToken; + this.setState({ + token: decode(accessToken), + jwt: accessToken, + loading: false, + }); + } catch (e) { + this.setState({ + loading: false, + jwt: e.message, + }); + } + + } + + render() { + + return this.state.loading ? ( + ) : ( +
+ + Current User Info + +

{this.state.token.name}

+

{this.state.token.email}

+ + Access Token + + {this.state.jwt} + + Access Token Payload + + {JSON.stringify(this.state.token)} + + +
+ ); + } +} diff --git a/examples/customStorageExample/development/src/index.tsx b/examples/customStorageExample/development/src/index.tsx new file mode 100644 index 0000000..a9ec760 --- /dev/null +++ b/examples/customStorageExample/development/src/index.tsx @@ -0,0 +1,10 @@ +import {render} from 'react-dom'; +import 'antd/dist/antd.css'; + +import App from "./App"; + + +render( + , + document.getElementById('root'), +); diff --git a/examples/customStorageExample/development/src/react-app-env.d.ts b/examples/customStorageExample/development/src/react-app-env.d.ts new file mode 100644 index 0000000..30da896 --- /dev/null +++ b/examples/customStorageExample/development/src/react-app-env.d.ts @@ -0,0 +1 @@ +// / diff --git a/examples/customStorageExample/development/src/restCalls.ts b/examples/customStorageExample/development/src/restCalls.ts new file mode 100644 index 0000000..a968ee3 --- /dev/null +++ b/examples/customStorageExample/development/src/restCalls.ts @@ -0,0 +1,27 @@ +const fetch = require('axios'); + +export async function fetchData(url:string, method = 'GET', headers:any) { + const ret = await fetch({ + url, + method, + headers, + transformResponse: (req:any) => req, + withCredentials: true, + timeout: 29000, + }); + return ret.data; +} + +export async function sendData(url:string, method = 'POST', data:string, headers:any) { + const ret = await fetch({ + url, + method, + data, + transformResponse: (req:any) => req, + headers, + withCredentials: true, + timeout: 29000, + }); + return ret.data; +} + diff --git a/examples/customStorageExample/development/tsconfig.json b/examples/customStorageExample/development/tsconfig.json new file mode 100644 index 0000000..a273b0c --- /dev/null +++ b/examples/customStorageExample/development/tsconfig.json @@ -0,0 +1,26 @@ +{ + "compilerOptions": { + "target": "es5", + "lib": [ + "dom", + "dom.iterable", + "esnext" + ], + "allowJs": true, + "skipLibCheck": true, + "esModuleInterop": true, + "allowSyntheticDefaultImports": true, + "strict": true, + "forceConsistentCasingInFileNames": true, + "noFallthroughCasesInSwitch": true, + "module": "esnext", + "moduleResolution": "node", + "resolveJsonModule": true, + "isolatedModules": true, + "noEmit": true, + "jsx": "react-jsx" + }, + "include": [ + "src" + ] +} diff --git a/examples/customStorageExample/example-realm-export.json b/examples/customStorageExample/example-realm-export.json new file mode 100644 index 0000000..de80595 --- /dev/null +++ b/examples/customStorageExample/example-realm-export.json @@ -0,0 +1,2161 @@ +{ + "id": "express-example", + "realm": "express-example", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "users": [ + { + "username": "user", + "enabled": true, + "email": "example-user@example", + "firstName": "Lambda", + "lastName": "User", + "credentials": [ + { + "type": "password", + "value": "user" + } + ] + } + ], + "roles": { + "realm": [ + { + "id": "2f0bd167-c66a-48a5-b13b-6ca51325c95e", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "express-example", + "attributes": {} + }, + { + "id": "46e452b4-cfa8-4851-ba86-83fca6f37b96", + "name": "default-roles-express-example", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "express-example", + "attributes": {} + }, + { + "id": "eff3b337-5626-4eaf-8ee5-83d7c0cd1312", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "express-example", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "37e628b4-abd0-4d2a-8b42-d5bb15c1a333", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "1359f651-21b6-4f9e-a7c3-f4e431f9765f", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "08c0e5dc-349c-46d3-8255-137576defbcb", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "9c575718-942d-4aa9-b647-dbc728ec8dc5", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "dcb417aa-c802-4667-8beb-1ff94562e643", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "9dfc76fa-e4a6-44b3-8e9b-9f0f7aca7f46", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "25f70ca0-6c23-4bb1-9a96-7d7d2f9e87e8", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "e05e8a60-eebb-46ba-9fc1-530a510fb188", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "c98faf9c-1017-4fab-8285-1ee18c5b5c6b", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "e734f3fa-5e9d-4146-94cf-4ade9ffbb76a", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "72de6f7d-a1f1-44fe-a7cf-f2bab78fb445", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "cd086837-f1cf-4c06-bb5e-2c6d86f25510", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "ab36c317-9d35-40b3-b744-b1042aead806", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "7e3c17a9-92fa-4c8e-bb55-0f452e92fbaa", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "0bc2d321-190e-472f-9505-acc5282f2d67", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "45b52dfe-47b9-451e-b664-acfa7bd5b97a", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "372b9c82-9b44-45d2-8515-cf685ab3e18a", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "view-realm", + "view-events", + "view-identity-providers", + "query-clients", + "manage-authorization", + "manage-clients", + "query-users", + "impersonation", + "manage-identity-providers", + "view-authorization", + "query-realms", + "manage-users", + "view-clients", + "view-users", + "manage-events", + "create-client", + "manage-realm" + ] + } + }, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "929a5788-b17d-4036-b482-206ea7d7acaf", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + }, + { + "id": "98071063-6c41-43d8-877b-c7541f939ca2", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "express-example": [], + "broker": [ + { + "id": "c0fd3bfa-c61a-459b-9a43-a822d8d535d2", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "158ee2e8-1a3b-46a0-88d7-57250af3b9fe", + "attributes": {} + } + ], + "account": [ + { + "id": "5cc55870-239a-4401-ae18-52f2a3dc3db5", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "df9a10bf-5670-4573-824a-b47bb52e014c", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "fb16d9ab-8164-4ae5-b102-9073f884a8ba", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "eb617548-baa5-4c5f-bb22-aa39e6aaafc9", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "faa56323-4890-4daa-bc82-b55e22b79850", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "6566efe0-a336-49f1-a7f5-30ce108bb0af", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + }, + { + "id": "0573da97-480c-4087-9244-3cb7bb972c97", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "46e452b4-cfa8-4851-ba86-83fca6f37b96", + "name": "default-roles-express-example", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "express-example" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [ + { + "name": "builtin-default-policy", + "builtin": true, + "enable": false + } + ] + }, + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "e4e8a697-2066-4559-87f5-8b8bba0c04ab", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/express-example/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/express-example/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "14a6c417-d4bc-4890-a846-ad86c3add6d4", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/express-example/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/express-example/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "7c5c4c6c-106e-429a-8d04-2b83bbbda36d", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "82249eb3-c123-43d9-822a-287b8d2ca81d", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "158ee2e8-1a3b-46a0-88d7-57250af3b9fe", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "c72139f1-d6c6-429b-9ea3-976bf84f15ab", + "clientId": "express-example", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "express-example", + "redirectUris": [ + "*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f3426371-80d1-4de2-b18c-cc82c3e6c8e0", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "a8c141d0-c49d-46ce-bec9-ff16981fe04b", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/express-example/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/express-example/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "6ddcec4b-28e3-4f2f-9327-6b24258c6aa2", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "42154f5d-a593-4d9e-83e8-8806dfd9394a", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "8effbb7f-2d36-43e0-aa75-1638cf74e8c5", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "e40ab1d2-a391-4810-8d2a-5c72fc8f5bd3", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "06e0ef0f-4556-434e-a331-00f96e595b3d", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "63c15256-4ce1-44a2-b2bf-7b362f398583", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "0ecdd80b-b30b-4bb0-9ebe-bd1ddccec386", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "b30c8c56-025e-4c9a-8bf7-59928723fce4", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "2be2718d-61b6-43e1-a37d-b9751ca6bf2a", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "0bc4b0d1-30aa-4c85-834a-cb0c51e33a2b", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "27799154-4287-4342-bd63-c8c8b172b542", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "fec9edd0-8c11-47c9-8cb1-0008b5b44ed2", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "9b8c3eb6-9fd7-4b54-b60a-ab926c6cb515", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "d5cf7f6e-042e-4acc-97a7-fe792a272747", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "40b2c392-0b88-490f-a209-b07f96eb1c94", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "eaf6681e-82df-4416-98b3-9bccf711698c", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "266bc0b9-a699-4ea4-a145-430b7272a4f1", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "3ed0626a-1e38-404a-9796-fda6d7e670de", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "05407d82-9cc8-4f3b-9649-5f6b1a37c216", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "28a2cd9d-b252-4a9c-a3d8-08be61ea93be", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "59d892d3-2c3d-4c6b-babd-24170eca2144", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "02924425-1bce-4b27-af8c-b578bc817776", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "4685308f-a5d1-4895-b3b7-247367739d54", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "8c5a5898-b0d2-4674-8260-de8f90bba77d", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "d15ce378-f475-468f-836c-5cc69c2e48ae", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "8ae6ba28-222a-4a0c-9218-2c26fb573080", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "1a62c738-a1df-4126-bf15-b3490c973c70", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "0f4a04a7-8570-4e14-94c7-f2bc6ce6c9a4", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "e1953daf-1aa2-4ab8-a440-6ac71fd52303", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "4b4a174f-d8a2-4dd9-9e95-727022787ba8", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "317bcfae-17f7-4898-a9c8-d0bb0bf639a4", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "287f2fa4-4dca-4abe-892f-ff4f7e41abe5", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "0bccc2e0-9664-4f52-80e5-7270e43751c5", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "950594f1-11fc-49c8-9bbe-7c1a1a083d32", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "23d6fee9-f915-4ca7-9f88-bb9f7ef47dd8", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "06fb48a2-d5a5-4610-96c1-4dfe7914ef5c", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "roles", + "role_list", + "profile", + "email", + "web-origins" + ], + "defaultOptionalClientScopes": [ + "address", + "offline_access", + "microprofile-jwt", + "phone" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "16e2198b-1efc-4def-ad30-a6c603242d33", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "d2ac3770-a42d-44b7-af64-1fb35870dd16", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "930185fb-9c70-44bc-a9d3-11acc964e875", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "e61038c6-0b37-46b2-be2d-f14e56617cc3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": "d5cb90d7-c80c-4adf-b7cd-c9a975d7f7af", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "6eebce41-ba31-4e5c-a3b1-438226136ec4", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "c82ea758-2b32-4ebf-a526-879f1b26a3d6", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "9ced4f49-6c58-4745-b2c4-3716e1fb64b3", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "a3bff136-3697-4738-890f-87782afaa7fc", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "5f75b1a5-1455-4bf4-a1fa-cdf32025c7fd", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "df557c3b-ef6e-456c-8b9c-d6d414bd6f4b", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "eb0eb52c-7977-476f-a03d-8d7496d6fc1a", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "5a3d3fb3-10a3-49db-bb50-8df1ce8c14fd", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "02345d13-a084-459d-9e04-786ccb1d1e5b", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "69bbcf83-9e9f-4d80-8733-c74001cdb745", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "f615b508-d1f8-4bc7-9a15-1c9c7b32297a", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "53b3a1ac-ebac-4d4d-a2e4-766bb132a9b0", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "091b1475-340a-49f5-bb76-01f1d1a6daab", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "52ad1fad-c08f-4768-a5dd-60d5ef597678", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "2d7d427f-b942-4834-839f-928d2af789ff", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "a5de66c5-2063-43bd-b514-c18cb416e3ee", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "dfccb716-732c-41a1-8529-3feea530d746", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "a8eb3cfb-7887-47e8-9cfd-67edb21cad52", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "b50fc0f1-9e61-439c-ae20-a1b9ff9cec78", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "7d9fdb3f-77c3-4e67-bec8-a652b193b68a", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "User creation or linking", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "b157c10e-b400-47d0-a913-dc79deaea756", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "31c28fa6-8339-4da0-903d-324a4434c691", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Authentication Options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "da342d33-7258-4e8b-81d0-8b911895bf07", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "1e4be3e8-5062-484a-af5d-717cf3c073e3", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "243927ee-b406-48cf-b71f-42b4845f1c53", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "6a1d1c58-874a-41af-8336-132e80be5278", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "efc6a6bf-e4cf-4798-be44-35190b9dd913", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "27675e61-7365-4d1a-bf8e-a93b9412c9d2", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "cibaInterval": "5" + }, + "keycloakVersion": "13.0.1", + "userManagedAccessAllowed": false +} diff --git a/examples/customStorageExample/production/.eslintignore b/examples/customStorageExample/production/.eslintignore new file mode 100644 index 0000000..f06235c --- /dev/null +++ b/examples/customStorageExample/production/.eslintignore @@ -0,0 +1,2 @@ +node_modules +dist diff --git a/examples/customStorageExample/production/.eslintrc b/examples/customStorageExample/production/.eslintrc new file mode 100644 index 0000000..f3923a7 --- /dev/null +++ b/examples/customStorageExample/production/.eslintrc @@ -0,0 +1,38 @@ +{ + "root": true, + "parser": "@typescript-eslint/parser", + "plugins": [ + "@typescript-eslint", + "no-loops" + ], + "extends": [ + "eslint:recommended", + "plugin:@typescript-eslint/eslint-recommended", + "plugin:@typescript-eslint/recommended", + "plugin:@shopify/esnext" + ], + "settings": { + "import/resolver": { + "node": { + "extensions": [ + ".js", + ".jsx", + ".ts", + ".tsx" + ] + } + } + }, + "rules": { + "no-undef": 0, + "no-process-env": 0, + "no-unused-vars": 0, + "require-await": 0, + "@typescript-eslint/no-explicit-any": 0, + "id-length": 0, + "@typescript-eslint/explicit-module-boundary-types": 0, + "@typescript-eslint/no-var-requires": 0, + "no-return-await": 0, + "no-console": 0 + } +} diff --git a/examples/customStorageExample/production/keycloak-lambda-cdk/cdk.json b/examples/customStorageExample/production/keycloak-lambda-cdk/cdk.json new file mode 100644 index 0000000..6780e97 --- /dev/null +++ b/examples/customStorageExample/production/keycloak-lambda-cdk/cdk.json @@ -0,0 +1,4 @@ +{ + "app": "node index.js", + "plugin": ["cdk-assume-role-credential-plugin"] +} diff --git a/examples/customStorageExample/production/keycloak-lambda-cdk/deploy.sh b/examples/customStorageExample/production/keycloak-lambda-cdk/deploy.sh new file mode 100755 index 0000000..0642021 --- /dev/null +++ b/examples/customStorageExample/production/keycloak-lambda-cdk/deploy.sh @@ -0,0 +1,93 @@ +set -e + +function help +{ +echo ' +Usage deploy.sh OPTIONS + +deploy reactJSExample infrastructure + +Options: + -n, --name REQUIRED uniq id + -r, --role REQUIRED arnRole + -url, --keycloakUrl REQUIRED Keycloak Url + --profile aws profile + --help Help screen +' +} + +POSITIONAL=() +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + -n|--name) + BUCKET_NAME="$2" + shift + shift + ;; + -r|--role) + ROLE="$2" + shift + shift + ;; + -url|--keycloakUrl) + KEYCLOAK_URL="$2" + shift + shift + ;; + --profile) + PROFILE="$2" + shift + shift + ;; + --help) + help + exit + ;; + *) # unknown option + POSITIONAL+=("$1") # save it in an array for later + shift # past argument + ;; +esac +done + +set -- "${POSITIONAL[@]}" # restore positional parameters + +if [[ "x${BUCKET_NAME}" = "x" ]]; then + echo "Error: bucket name is required" + help + exit 1; +fi + +if [[ "x${ROLE}" = "x" ]]; then + echo "Error: Arn Role is required" + help + exit 1; +fi +if [[ "x${KEYCLOAK_URL}" = "x" ]]; then + echo "Error: Keycloak Url is required" + help + exit 1; +fi +#npm i aws-cdk -g +#npm i +#npm run build +export AWS_DEFAULT_REGION=us-east-1 +#export stackName="example-${BUCKET_NAME}" +export bucketName="${BUCKET_NAME}" +export arnRole="${ROLE}" +export keycloakUrl="${KEYCLOAK_URL}" + + +if [[ "x${PROFILE}" = "x" ]]; then + echo "PROFILE IS EMPTY" + cdk -v bootstrap + cdk -v deploy + exit 0; +fi +cdk synth -v +cdk -v bootstrap --profile="${PROFILE}" +cdk -v deploy --profile="${PROFILE}" + diff --git a/examples/customStorageExample/production/keycloak-lambda-cdk/index.js b/examples/customStorageExample/production/keycloak-lambda-cdk/index.js new file mode 100644 index 0000000..4260445 --- /dev/null +++ b/examples/customStorageExample/production/keycloak-lambda-cdk/index.js @@ -0,0 +1,126 @@ +const fs = require('fs'); + +const cdk = require('@aws-cdk/core'); +const iam = require('@aws-cdk/aws-iam'); +const dynamodb = require('@aws-cdk/aws-dynamodb'); +const s3 = require('@aws-cdk/aws-s3'); +const s3Deployment = require('@aws-cdk/aws-s3-deployment'); +const lambda = require('@aws-cdk/aws-lambda'); +const cloudfront = require('@aws-cdk/aws-cloudfront'); + +const {bucketName, keycloakUrl} = process.env; +const roleArn = process.env.arnRole; + +class KeycloakCloudFrontExampleStack extends cdk.Stack { + + constructor(parent, id, props) { + super(parent, id, props); + + const role = iam.Role.fromRoleArn(this, `Role ${bucketName}`, roleArn, {mutable: false}); + const bucket = new s3.Bucket(this, 'lambda-edge-bucket', { + accessControl: s3.BucketAccessControl.AUTHENTICATED_READ, + removalPolicy: cdk.RemovalPolicy.DESTROY, + publicReadAccess: false, + blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, + bucketName, + }); + this.updateConfig(bucketName); + const lambdaEdge = new lambda.Function(this, 'lambda-edge-example', { + runtime: lambda.Runtime.NODEJS_12_X, + handler: 'lambda.handler', + code: lambda.Code.fromAsset('../dist/lambda'), + functionName: `function_${bucketName}`, + role, + memorySize: 128, + timeout: cdk.Duration.seconds(5), + }); + const VersionLambdaEdge = new lambda.Version(this, 'lambda-edge-example Version', { + lambda: lambdaEdge, + description: `lambda-edge-example Version ${Math.random() * (99999 - 1) + 1}`, + }); + + const accessIdentityId = `access-identity-${bucketName}`; + + const comment = `OriginAccessIdentity-${bucketName}`; + const oai = new cloudfront.OriginAccessIdentity(this, accessIdentityId, { + comment, + }); + + bucket.addToResourcePolicy(new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [oai.grantPrincipal], + actions: ['s3:GetObject'], + resources: [`arn:aws:s3:::${bucketName}/*`], + })); + const sessionTable = new dynamodb.Table(this, `Session ${bucketName}`, { + tableName: bucketName, + partitionKey: {name: 'sessionId', type: dynamodb.AttributeType.STRING}, + removalPolicy: cdk.RemovalPolicy.DESTROY, + timeToLiveAttribute: 'exp', + }); + sessionTable.grantFullAccess(role); + const frontWebDistribution = new cloudfront.CloudFrontWebDistribution(this, `cloudfront-${bucketName}`, { + originConfigs: [{ + s3OriginSource: { + s3BucketSource: bucket, + originAccessIdentity: oai, + }, + behaviors: [ + { + isDefaultBehavior: true, + allowedMethods: cloudfront.CloudFrontAllowedMethods.ALL, + forwardedValues: { + cookies: {forward: 'all'}, + headers: [ + 'Authorization', + 'Referer', + 'Origin', + ], + queryString: true, + }, + lambdaFunctionAssociations: [{ + lambdaFunction: VersionLambdaEdge, + eventType: cloudfront.LambdaEdgeEventType.VIEWER_REQUEST, + }], + }, + ], + }], + viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS, + defaultRootObject: 'index.html', + }); + // eslint-disable-next-line no-new + new s3Deployment.BucketDeployment(this, `BucketDeployment ${bucket}`, { + destinationBucket: bucket, + role, + distribution: frontWebDistribution, + sources: [ + s3Deployment.Source.asset('../../development/build'), + ], + }); + } + + updateConfig(bucketName) { + const apiConfig = JSON.parse(fs.readFileSync('../dist/lambda/ApiConfig.json', 'utf8')); + apiConfig.defaultAdapterOptions.keycloakJson['auth-server-url'] = `${keycloakUrl}/auth/`; + apiConfig.storageTypeSettings = { + tableName: bucketName, + region: 'us-east-1', + apiVersion: '2012-08-10', + }; + fs.writeFileSync('../dist/lambda/ApiConfig.json', JSON.stringify(apiConfig)); + } + + +} + +const app = new cdk.App({context: {}}); +// eslint-disable-next-line no-new +new KeycloakCloudFrontExampleStack(app, `example-${bucketName}`, + { + env: { + account: process.env.CDK_DEPLOY_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT, + region: process.env.CDK_DEPLOY_REGION || process.env.CDK_DEFAULT_REGION, + }, + }); +app.synth(); + diff --git a/examples/customStorageExample/production/keycloak-lambda-cdk/package.json b/examples/customStorageExample/production/keycloak-lambda-cdk/package.json new file mode 100644 index 0000000..3ea038e --- /dev/null +++ b/examples/customStorageExample/production/keycloak-lambda-cdk/package.json @@ -0,0 +1,19 @@ +{ + "name": "keycloak-cloudfront-cdk", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "vzakharchenko", + "license": "Apache-2.0", + "dependencies": { + "@aws-cdk/aws-cloudfront": "^1.111.0", + "@aws-cdk/aws-dynamodb": "^1.111.0", + "@aws-cdk/aws-lambda": "^1.111.0", + "@aws-cdk/aws-s3": "^1.111.0", + "@aws-cdk/aws-s3-deployment": "^1.111.0", + "@aws-cdk/core": "^1.111.0" + } +} diff --git a/examples/customStorageExample/production/lambda.js b/examples/customStorageExample/production/lambda.js new file mode 100644 index 0000000..edef207 --- /dev/null +++ b/examples/customStorageExample/production/lambda.js @@ -0,0 +1,17 @@ +const fs = require('fs'); + +const adapter = require('keycloak-api-gateway/dist'); +const {CustomStorageDB} = require("customstorage/dist"); + +const options = JSON.parse(fs.readFileSync('./ApiConfig.json', 'utf-8')); +options.storageType=new CustomStorageDB(); +const keycloakApiGateWayAdapter = new adapter.KeycloakApiGateWayAdapter( + options, +); + +module.exports.handler = + async (awsEvent) => { + return await keycloakApiGateWayAdapter + .awsLambdaEdgeAdapter() + .handler(awsEvent); + }; diff --git a/examples/customStorageExample/production/package.json b/examples/customStorageExample/production/package.json new file mode 100644 index 0000000..6f03d31 --- /dev/null +++ b/examples/customStorageExample/production/package.json @@ -0,0 +1,67 @@ +{ + "name": "lambda", + "version": "1.0.0", + "description": "", + "main": "lambda.js", + "scripts": { + "lint": "eslint --quiet --ext .js server.js lambda.js ", + "lint:fix": "eslint --fix --quiet --ext .js server.js lambda.js ", + "build": "NODE_ENV=production webpack --config webpack.config.babel.js" + }, + "dependencies": { + "cookie-parser": "^1.4.5", + "express": "^4.17.1", + "keycloak-api-gateway": "../../..", + "customstorage": "../customStorage" + }, + "devDependencies": { + "@babel/core": "^7.14.6", + "@babel/plugin-proposal-decorators": "^7.14.5", + "@babel/plugin-proposal-object-rest-spread": "^7.14.5", + "@babel/plugin-transform-runtime": "^7.14.5", + "@babel/polyfill": "^7.12.1", + "@babel/preset-env": "^7.14.5", + "@babel/register": "^7.14.5", + "@babel/runtime": "^7.14.6", + "aws-sdk": "^2.931.0", + "babel-eslint": "^10.1.0", + "babel-jest": "^27.0.2", + "babel-loader": "^8.2.2", + "copy-webpack-plugin": "^9.0.0", + "coveralls": "^3.1.0", + "enzyme": "^3.11.0", + "eslint": "^7.29.0", + "eslint-config-airbnb": "^18.2.1", + "eslint-plugin-import": "^2.23.4", + "generate-json-webpack-plugin": "^2.0.0", + "jest": "^27.0.4", + "jest-date-mock": "^1.0.8", + "progress-bar-webpack-plugin": "^2.1.0", + "terser-webpack-plugin": "^5.1.3", + "webpack": "^5.39.1", + "webpack-bundle-analyzer": "^4.4.2", + "webpack-cli": "^4.7.2", + "@shopify/eslint-plugin": "^40.2.3", + "@typescript-eslint/parser": "^4.27.0", + "typescript": "^4.3.4", + "eslint-plugin-no-loops": "^0.3.0" + }, + "eslintConfig": { + "plugins": [], + "extends": "airbnb/base", + "ignorePatterns": [ + "node_modules/", + ".webpack/" + ], + "rules": { + "no-undef": 0, + "new-cap": 0, + "import/extensions": 0, + "no-new": 0, + "import/prefer-default-export": 0, + "import/no-extraneous-dependencies": 0 + } + }, + "author": "vzakharchenko", + "license": "ISC" +} diff --git a/examples/customStorageExample/production/server.js b/examples/customStorageExample/production/server.js new file mode 100644 index 0000000..aeeef45 --- /dev/null +++ b/examples/customStorageExample/production/server.js @@ -0,0 +1,24 @@ +const fs = require('fs'); + +const adapter = require('keycloak-api-gateway/dist'); +const express = require('express'); +const cookieParser = require('cookie-parser'); +const {CustomStorageDB} = require("customstorage/dist"); + +const options = JSON.parse(fs.readFileSync('./ApiConfig.json', 'utf-8')); +options.storageType=new CustomStorageDB(); +const keycloakApiGateWayAdapter = new adapter.KeycloakApiGateWayAdapter( + options, +); + +const middlewareServer = express(); +middlewareServer.use(cookieParser()); +middlewareServer.use(async (req, res, next) => { + const expressMiddleWarePromise = await keycloakApiGateWayAdapter.expressMiddleWare(); + await expressMiddleWarePromise.middleWare(req, res, next); +}); +middlewareServer.use(express.static('../../../development/build')); + +middlewareServer.listen(8081, () => { + console.info('HTTP server listening on port 8081'); +}); diff --git a/examples/customStorageExample/production/webpack.config.babel.js b/examples/customStorageExample/production/webpack.config.babel.js new file mode 100644 index 0000000..1a2975f --- /dev/null +++ b/examples/customStorageExample/production/webpack.config.babel.js @@ -0,0 +1,96 @@ +const webpack = require('webpack'); +const TerserPlugin = require('terser-webpack-plugin'); +const ProgressBarPlugin = require('progress-bar-webpack-plugin'); +const CopyPlugin = require("copy-webpack-plugin"); +const BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin; + + +const path = require('path'); + +const env = process.env.NODE_ENV === 'production' ? 'production' : 'development'; + +const config = { + mode: env, + context: __dirname, + target: 'node', + node: { + __dirname: false, + }, + output: { + path: path.join(__dirname, 'dist'), + filename: '[name].js', + libraryTarget: 'commonjs-module', + library: 'authorization', + }, + module: { + rules: [{ + test: /\.(js|jsx)$/, + use: ['babel-loader'], + }, + ], + }, + plugins: [ + new webpack.DefinePlugin({ + '.': '__dirname', + }), + new webpack.optimize.ModuleConcatenationPlugin(), + new ProgressBarPlugin(), + ], + resolve: { + modules: [ + 'node_modules', + ], + }, + stats: { + colors: true, + }, + devtool: false, + optimization: { + minimize: false, + minimizer: [new TerserPlugin({ extractComments: true})], + } +}; + +let configs = [ + { + ...config, + ...{ + entry: { + server: path.join(__dirname, 'server.js'), + }, + output: { + path: path.join(__dirname, 'dist', 'server'), + filename: '[name].js', + libraryTarget: 'commonjs-module', + }, + } + }, + { + ...config, + ...{ + entry: { + lambda: path.join(__dirname, 'lambda.js'), + }, + output: { + path: path.join(__dirname, 'dist', 'lambda'), + filename: '[name].js', + libraryTarget: 'commonjs-module', + }, + externals: { + express: 'express', + "aws-sdk": "commonjs aws-sdk" + }, + } + }, + +]; +configs[0].plugins.push( new CopyPlugin({ + patterns: [ + { from: "../development/ApiConfig.json", to: "ApiConfig.json" }, + ], + options: { + concurrency: 100, + }, +})); +// configs[0].plugins.push( new BundleAnalyzerPlugin()); +module.exports = configs; diff --git a/examples/reactJSExample/development/ApiConfig.json b/examples/reactJSExample/development/ApiConfig.json index 4807191..1018a0f 100644 --- a/examples/reactJSExample/development/ApiConfig.json +++ b/examples/reactJSExample/development/ApiConfig.json @@ -1,17 +1,15 @@ { - "singleTenantOptions": { - "defaultAdapterOptions": { - "keycloakJson": { - "realm": "express-example", - "auth-server-url": "http://localhost:8090/auth/", - "ssl-required": "external", - "resource": "express-example", - "credentials": { - "secret": "express-example" - }, - "use-resource-role-mappings": true, - "confidential-port": 0 - } + "defaultAdapterOptions": { + "keycloakJson": { + "realm": "express-example", + "auth-server-url": "http://localhost:8090/auth/", + "ssl-required": "external", + "resource": "express-example", + "credentials": { + "secret": "express-example" + }, + "use-resource-role-mappings": true, + "confidential-port": 0 } }, "storageType": "InMemoryDB", diff --git a/examples/reactJSExample/production/server.js b/examples/reactJSExample/production/server.js index 340b549..a146c87 100644 --- a/examples/reactJSExample/production/server.js +++ b/examples/reactJSExample/production/server.js @@ -14,7 +14,7 @@ middlewareServer.use(async (req, res, next) => { const expressMiddleWarePromise = await keycloakApiGateWayAdapter.expressMiddleWare(); await expressMiddleWarePromise.middleWare(req, res, next); }); -middlewareServer.use(express.static('../../build')); +middlewareServer.use(express.static('../../../development/build')); middlewareServer.listen(8081, () => { console.info('HTTP server listening on port 8081'); diff --git a/package.json b/package.json index 89dcebf..55fa120 100644 --- a/package.json +++ b/package.json @@ -26,23 +26,23 @@ }, "homepage": "https://github.com/vzakharchenko/keycloak-api-gateway#readme", "devDependencies": { - "@shopify/eslint-plugin": "^40.2.3", - "@types/cookie": "^0.4.0", + "@shopify/eslint-plugin": "^40.3.0", + "@types/cookie": "^0.4.1", "@types/cookie-parser": "^1.4.2", - "@types/jest": "^26.0.23", - "@types/jsonwebtoken": "^8.5.2", - "@types/uuid": "^8.3.0", - "@typescript-eslint/eslint-plugin": "^4.28.0", - "@typescript-eslint/parser": "^4.28.0", - "coveralls": "^3.1.0", - "eslint": "^7.29.0", + "@types/jest": "^26.0.24", + "@types/jsonwebtoken": "^8.5.4", + "@types/uuid": "^8.3.1", + "@typescript-eslint/eslint-plugin": "^4.28.2", + "@typescript-eslint/parser": "^4.28.2", + "coveralls": "^3.1.1", + "eslint": "^7.30.0", "eslint-plugin-no-loops": "^0.3.0", - "jest": "^27.0.3", + "jest": "^27.0.6", "ts-jest": "^27.0.3", - "typescript": "^4.3.4" + "typescript": "^4.3.5" }, "dependencies": { - "aws-sdk": "^2.933.0", + "aws-sdk": "^2.940.0", "jsonwebtoken": "^8.5.1", "keycloak-lambda-authorizer": "^0.5.2", "uuid": "^8.3.2" diff --git a/src/handlers/TokenPageHandler.ts b/src/handlers/TokenPageHandler.ts index 3101207..84b94e6 100644 --- a/src/handlers/TokenPageHandler.ts +++ b/src/handlers/TokenPageHandler.ts @@ -10,6 +10,7 @@ export async function getActiveToken(req:RequestObject, res:ResponseObject, next:any, context:CustomPageHandlerContext):Promise { + if (!context.sessionToken) { throw new Error('sessionToken does not defined'); } diff --git a/src/session/SessionManager.ts b/src/session/SessionManager.ts index 874c4f0..e7daebf 100644 --- a/src/session/SessionManager.ts +++ b/src/session/SessionManager.ts @@ -5,6 +5,8 @@ import {Options, RequestObject} from "../index"; import {getSessionName, KeycloakState} from "../utils/KeycloakUtils"; import {StrorageDB} from "./storage/Strorage"; +import {InMemoryDB} from './storage/InMemoryDB'; +import {DynamoDB} from './storage/DynamoDB'; const {clientJWT} = require('keycloak-lambda-authorizer/src/clientAuthorization'); @@ -46,7 +48,7 @@ export function getSessionToken(sessionTokenString: string, } export type SessionConfiguration = { - storageType: string, + storageType: string|StrorageDB, sessionCookieName?: string, storageTypeSettings?: any, keys: SessionTokenKeys, @@ -101,21 +103,23 @@ export class DefaultSessionManager implements SessionManager { } async getCurrentStorage(): Promise { - switch (this.defaultSessionType.storageType) { - case 'InMemoryDB': { - const {InMemoryDB} = await import('./storage/InMemoryDB'); - return new InMemoryDB(); - } - case 'DynamoDB': { - if (!this.options.session.sessionConfiguration.storageTypeSettings) { - throw new Error('dynamoDbSettings setting does not defined'); + if (this.defaultSessionType.storageType instanceof String) { + switch (this.defaultSessionType.storageType) { + case 'InMemoryDB': { + return new InMemoryDB(); + } + case 'DynamoDB': { + if (!this.options.session.sessionConfiguration.storageTypeSettings) { + throw new Error('dynamoDbSettings setting does not defined'); + } + return new DynamoDB(this.options.session.sessionConfiguration.storageTypeSettings); + } + default: { + throw new Error(`${this.defaultSessionType.storageType} does not support`); } - const {DynamoDB} = await import('./storage/DynamoDB'); - return new DynamoDB(this.options.session.sessionConfiguration.storageTypeSettings); - } - default: { - throw new Error(`${this.defaultSessionType.storageType} does not support`); } + } else { + return this.defaultSessionType.storageType; } }