- Admin API with user permissions

- fixed cache issue - support client role
vzakharchenko · May 24, 2021 · d1102c5 · d1102c5
1 parent b8589f9
commit d1102c5
Show file tree

Hide file tree

Showing 17 changed files with 2,923 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -48,6 +48,21 @@ export function authorizer(event, context, callback) {
   });
 }
 ```
+### Client Role Based
+```javascript
+import { apigateway } from 'keycloak-lambda-authorizer';
+
+export function authorizer(event, context, callback) {
+    const keycloakJSON = ...; // read Keycloak.json
+  awsAdapter.awsHandler(event, keycloakJSON, {
+    enforce: { enabled: true,  clientRole: {roleName: 'SOME_ROLE',clientId: 'Client Name',}, },
+  }).then((token)=>{
+      // Success
+  }).catch((e)=>{
+    // Failed
+  });
+}
+```
 
 ### Resource Based (Keycloak Authorization Services)
 ```javascript

diff --git a/example/userToAdminAPI/README.md b/example/userToAdminAPI/README.md
@@ -0,0 +1,49 @@
+# Example of Calling the Admin API Using User Permissions (Role or Resource)
+
+This example allow to get list of users and List of security clients (with secrets) using regular user permissions.
+
+## 1. Start Keycloak
+
+### Docker
+Using the image from https://hub.docker.com/r/jboss/keycloak/
+```
+docker run -p 8090:8080 -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin  -v `pwd`/example/userToAdminAPI:/userToAdminAPI  -e KEYCLOAK_IMPORT=/userToAdminAPI/example-realm-export.json  jboss/keycloak
+```
+###  Standard
+```
+sh bin/standalone.sh  -c standalone.xml -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0 --debug 8190 -Djboss.http.port=8090
+```
+Open the Keycloak admin console, click on Add Realm, click on import 'Select file', select example-realm-export.json and click Create.
+
+## 2. Run Services Locally
+- Express Service
+```bash
+cd express-service
+npm i
+npm run start
+```
+
+## 3. Run UI locally
+
+```bash
+cd frontend
+npm i
+npm run start
+```
+
+## 4. Open UI
+[http://localhost:3001](http://localhost:3001)
+
+users:
+
+| User      | Password   | Service Role |
+|:----------|:-----------|:-----------------|
+| user      | user       | X                |
+| user1     | user1      | -                |
+
+## 6. Results
+
+| User      | Result                                                                                                 | Description                                           |
+|:----------|:-------------------------------------------------------------------------------------------------------|:------------------------------------------------------|
+| User      |  Hi user. Your function executed successfully!                                                         | All Access                                            |
+| User1     |  Request failed with status code 403                                                                   | User has not access to express-service                |