......@@ -8,30 +8,81 @@ class KeyCloakClient {
this.kcRealm = Meteor.settings.public.keycloakRealm;
this.clientId = null;
this.adminsGroupId = null;
this.token = null;
this.refreshToken = null;
this._ensureClientId = this._ensureClientId.bind(this);
this._setToken = this._setToken.bind(this);
this._setRefreshToken = this._setRefreshToken.bind(this);
this._expire = this._expire.bind(this);
this._expireRefresh = this._expireRefresh.bind(this);
this._checkToken = this._checkToken.bind(this);
// initialize client id and check that we can get tokens
this._getToken().then((initToken) => {
if (initToken) {
console.log('Keycloak: API authentication success');
console.log('Keycloak: API client initialized');
}
});
}
_getToken() {
// XXX TODO : store and manage access_token and refresh_token ?
_authenticate() {
const adminUser = Meteor.settings.keycloak.adminUser;
const adminPassword = Meteor.settings.keycloak.adminPassword;
return axios
.post(
`${this.kcURL}/realms/master/protocol/openid-connect/token`,
`username=${adminUser}&password=${adminPassword}&grant_type=password&client_id=admin-cli`,
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
return axios.post(
`${this.kcURL}/realms/master/protocol/openid-connect/token`,
`username=${adminUser}&password=${adminPassword}&grant_type=password&client_id=admin-cli`,
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
)
.then((response) => {
},
);
}
_refreshToken() {
return axios.post(
`${this.kcURL}/realms/master/protocol/openid-connect/token`,
`refresh_token=${this.refreshToken}&grant_type=refresh_token&client_id=admin-cli`,
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
},
);
}
_expire() {
this.token = null;
}
_expireRefresh() {
this.refreshToken = null;
}
_setToken(token, timeout) {
this.token = token;
// reset this.token 5 seconds before it expires
setTimeout(this._expire, (timeout - 5) * 1000);
}
_setRefreshToken(refresh_token, timeout) {
this.refreshToken = refresh_token;
// reset this.refreshToken 10 seconds before token expires
setTimeout(this._expireRefresh, (timeout - 10) * 1000);
}
_checkToken() {
if (this.token) return Promise.resolve(this.token);
if (this.refreshToken)
return this._refreshToken().then((response) => {
const newToken = response.data.access_token;
this._setToken(newToken, response.data.expires_in);
this._setRefreshToken(response.data.refresh_token, response.data.refresh_expires_in);
return newToken;
});
return this._authenticate().then((response) => {
console.log('Keycloak : new access token received');
const newToken = response.data.access_token;
this._setToken(newToken, response.data.expires_in);
this._setRefreshToken(response.data.refresh_token, response.data.refresh_expires_in);
return newToken;
});
}
_getToken() {
return this._checkToken()
.then((newToken) => {
// check that clientId is set in case keycloak was not available at startup
return this._ensureClientId(newToken)
.then(() => this._ensureAdminsId(newToken))
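Review bot: The form body in `_authenticate` (the line starting `username=${adminUser}`) and in `_refreshToken` is built by interpolating the admin password and the refresh token straight into an `application/x-www-form-urlencoded` string, so a password containing `&`, `=`, `%`, `#` or `+` (a `+` is decoded as a space) is silently mangled and either fails to authenticate or is split into extra parameters; build it with `new URLSearchParams({ username: adminUser, password: adminPassword, grant_type: 'password', client_id: 'admin-cli' }).toString()` and the equivalent for the refresh grant. The expiry timers scheduled in `_setToken`/`_setRefreshToken` are never cleared, so when `_checkToken` stores a new refresh token the still-pending timer from the previous one fires and nulls the replacement early, and an `expires_in` of 5 or less produces a negative delay — keep the handles in fields, `clearTimeout` them before rescheduling, and clamp with `Math.max(timeout - 5, 0)`. In `_checkToken`, a refresh token that the server has since revoked or expired makes `_refreshToken()` reject with no fallback to `_authenticate()` until the timer clears `this.refreshToken`, so the refresh path needs a `.catch` that calls `_expireRefresh()` and retries with the password grant, as sketched below. Separately, logging into the `master` realm as an admin user with the password grant hands the app server a realm-wide admin token; a confidential client with a service account in `kcRealm`, holding only the `realm-management` roles this code needs and obtained via `grant_type=client_credentials`, would bound the damage if `Meteor.settings.keycloak` leaks. `_getToken` continues past the end of the hunk, and the startup call in the constructor has no `.catch`, so unless one is added further down, a Keycloak outage at boot produces an unhandled rejection rather than the graceful "not available at startup" case the comment anticipates.
```javascript
  _setToken(token, timeout) {
    this.token = token;
    clearTimeout(this._expireTimer);
    // reset this.token 5 seconds before it expires (never a negative delay)
    this._expireTimer = setTimeout(this._expire, Math.max(timeout - 5, 0) * 1000);
  }
  // … unchanged: _setRefreshToken gets the same clearTimeout/clamp treatment …
  _checkToken() {
    if (this.token) return Promise.resolve(this.token);
    const store = (response) => {
      const newToken = response.data.access_token;
      this._setToken(newToken, response.data.expires_in);
      this._setRefreshToken(response.data.refresh_token, response.data.refresh_expires_in);
      return newToken;
    };
    if (this.refreshToken) {
      return this._refreshToken()
        .then(store)
        .catch(() => {
          // refresh token rejected by the server (revoked/expired): fall back to the password grant
          this._expireRefresh();
          return this._authenticate().then(store);
        });
    }
    return this._authenticate().then((response) => {
      console.log('Keycloak : new access token received');
      return store(response);
    });
  }
```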
......@@ -54,7 +105,7 @@ class KeyCloakClient {
})
.then((response) => {
this.clientId = response.data.find((client) => client.clientId === Meteor.settings.keycloak.client).id;
console.log(`Keycloak: client ID found : ${this.clientId}`);
console.log(`Keycloak: client ID found (${this.clientId})`);
return this.clientId;
})
.catch((error) => {
......@@ -144,27 +195,17 @@ class KeyCloakClient {
.then((groupId) => {
console.log(`Keycloak: group ${groupName} added (id ${groupId})`);
return this._getRoleId(groupName, token).then((roleId) => {
// map client role to group
// XXX FIXME : roles mapping currently not working
return roleId;
// console.log(
// 'POST : ',
// `${this.kcURL}/admin/realms/${this.kcRealm}/groups/${groupId}/role-mappings/clients/${this.clientId}`,
// { name: groupName, id: roleId },
// );
// return axios.post(
// `${this.kcURL}/admin/realms/${this.kcRealm}/groups/${groupId}/role-mappings/clients/${this.clientId}`,
// {
// roles: [{ name: groupName, id: roleId }],
// },
// {
// headers: {
// 'Content-Type': 'application/json',
// Accept: 'application/json',
// Authorization: `Bearer ${token}`,
// },
// },
// );
return axios.post(
`${this.kcURL}/admin/realms/${this.kcRealm}/groups/${groupId}/role-mappings/clients/${this.clientId}`,
[{ name: groupName, id: roleId }],
{
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
Authorization: `Bearer ${token}`,
},
},
);
});
});
});
......