Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
593 views
in Technique[技术] by (71.8m points)

keycloak - 从Node.js访问Keycloak组属性(Access Keycloak group attributes from Nodejs)

I've got Keycloak setup and running with NodeJS.

(我已经安装了Keycloak并与NodeJS一起运行。)

I see you can create groups and assign attributes to those groups.

(我看到您可以创建组并为这些组分配属性。)

Is it possible to access these attributes from the NodeJS application?

(是否可以从NodeJS应用程序访问这些属性?)

I can't even find the groups let alone their attributes.

(我什至找不到组,更不用说它们的属性了。)

  ask by bugg translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Yes you can.

(是的你可以。)

But there is almost no official documentation on how to achieve this.

(但是,几乎没有官方文档说明如何实现这一目标。)

You can return most keycloak attributes, groups and roles through the client mappers.

(您可以通过客户端映射器返回大多数keycloak属性,组和角色。)

By default none are configured.

(默认情况下,没有配置。)

To configure extra mappers: In the administration console, select the client and then the Mappers tab.

(要配置额外的映射器:在管理控制台中,选择客户端,然后选择“映射器”选项卡。)

That should bring you to a list of mappers.

(那应该带您到一个映射器列表。)

客户映射器列表

You can add mappers here of different types.

(您可以在此处添加不同类型的映射器。)

Once you add a mapper you can decide which calls to Keycloak from the client return the attribute(s), and what the name of the returned attribute is.

(添加映射器后,您可以决定从客户端对Keycloak的哪些调用返回属性,以及返回的属性的名称是什么。)

The following screenshot includes a mapper that returns a dictionary of groups, with subgroups, separated by forward slashes.

(以下屏幕快照包括一个映射器,该映射器返回由组组成的字典,其中包含子组,并用正斜杠分隔。)

Your Node code will need to parse the returned JSON object.

(您的Node代码将需要解析返回的JSON对象。)

组映射器详细信息

All the information is returned in the keycloak token, which is a Javascript Web Token.

(所有信息都在keycloak令牌中返回,该令牌是Javascript Web令牌。)

In Node you can examine it by printing the token to the log.

(在Node中,您可以通过将令牌打印到日志中来进行检查。)

The keycloak-connect middleware stores tokens etc in an object on the request called kauth.

(keycloak-connect中间件将令牌等存储在请求中称为kauth的对象中。)

The path to retrieve a list of groups specified by the configuration in the above screenshot is shown below.

(检索上述屏幕快照中配置指定的组列表的路径如下所示。)

If you change the token claim name in the configuration, you will need to change the path in your NodeJS code accordingly.

(如果您在配置中更改令牌声明名称,则需要相应地在NodeJS代码中更改路径。)

You will need to logout from your application and login again for changes to the mapper to work.

(您将需要从应用程序中注销,然后再次登录以使对映射器所做的更改生效。)

router.get('/', async function(req, res){ 
  console.log(req.kauth.grant.access_token.content.groups) ..
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...