keycloak_client_golang

Version: v0.2.1

This package is not in the latest version of its module.

Published: Jun 20, 2024 | License: AGPL-3.0 | Imports: 0 | Imported by: 0

README

Golang Keycloak Client

This repository contains a reusable connector for Keycloak.

Authorization

See auth/example_test.go for example usage, or the snippet below:

package main

import (
    "fmt"
    "log"
    "net/http"

    "github.com/gin-gonic/gin"
    "github.com/greenbone/keycloak-client-golang/auth"
)

func main() {
    realmInfo := auth.KeycloakRealmInfo{
        RealmId:               "user-management",             // keycloak realm name
        AuthServerInternalUrl: "http://keycloak:8080/auth",   // keycloak server internal url
        AuthServerPublicUrl:   "http://localhost:28080/auth", // keycloak server public url (jwt issuer)
    }
    
    authorizer, err := auth.NewKeycloakAuthorizer(realmInfo)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak token authorizer: %w", err))
        return
    }

    authMiddleware, err := auth.NewGinAuthMiddleware(authorizer.ParseRequest)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak auth middleware: %w", err))
        return
    }

    gin.SetMode(gin.TestMode)
    router := gin.Default()
    router.Use(authMiddleware) // wire up auth middleware

    router.GET("/test", func(c *gin.Context) {
        userContext, err := auth.GetUserContext(c)
        if err != nil {
            _ = c.AbortWithError(http.StatusInternalServerError, err)
            return
        }

        c.String(http.StatusOK, fmt.Sprintf("%#v", userContext))
        // Output:
        //
        // &auth.UserContext{
        //     Realm: "user-management", 
        //     UserID: "1927ed8a-3f1f-4846-8433-db290ea5ff90", 
        //     UserName: "initial", 
        //     EmailAddress: "initial@host.local", 
        //     Roles: []string{"offline_access", "uma_authorization", "user", "default-roles-user-management"},
        //     Groups: []string{"user-management-initial"}, 
        //     AllowedOrigins: []string{"http://localhost:3000"},
        // }
    })
}

Steps:

  • create a realm info struct with the realm id and the Keycloak internal URL (inside docker/k8s) from environment variables,
  • create a Keycloak authorizer via auth.NewKeycloakAuthorizer and pass it the realm info,
  • create the gin middleware via auth.NewGinAuthMiddleware with the ParseRequest method of the authorizer. It checks the Authorization header for the bearer token and the Origin header for an allowed origin, and puts the decoded claims into the gin context,
  • wire up the auth middleware to the routes you choose,
  • inside routes, use auth.GetUserContext to get the decoded token claims as a user context object from the gin context.
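
As an added illustration (not code from this repository): a standard-library-only sketch of an exact Origin comparison against the token's allowed origins, combined with a per-route role gate on the claims shown in the output above. UserContext here is a local stand-in type, OriginAllowed and Authorize are hypothetical names, and the library's own checks may differ.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// UserContext: local stand-in for two auth.UserContext fields, not the library's type.
type UserContext struct{ Roles, AllowedOrigins []string }

// OriginAllowed (hypothetical helper) matches scheme://host[:port] exactly,
// so "http://localhost:30001" never passes as "http://localhost:3000".
func OriginAllowed(uc *UserContext, origin string) bool {
	o, err := url.Parse(origin)
	if err != nil || o.Scheme == "" || o.Host == "" {
		return false // also rejects the opaque origin "null"
	}
	got := strings.ToLower(o.Scheme + "://" + o.Host)
	for _, a := range uc.AllowedOrigins {
		if strings.ToLower(strings.TrimRight(a, "/")) == got {
			return true
		}
	}
	return false
}

// Authorize (hypothetical helper) returns the status a route guard should
// send. Assumption: a request without an Origin header skips the origin step.
func Authorize(uc *UserContext, origin, role string) int {
	if uc == nil {
		return http.StatusUnauthorized
	}
	if origin != "" && !OriginAllowed(uc, origin) {
		return http.StatusForbidden
	}
	for _, have := range uc.Roles {
		if have == role {
			return http.StatusOK
		}
	}
	return http.StatusForbidden
}

func main() { // constructed sample mirroring the claims printed above
	uc := &UserContext{Roles: []string{"user"}, AllowedOrigins: []string{"http://localhost:3000"}}
	fmt.Println(Authorize(uc, "http://localhost:3000", "user"), Authorize(uc, "http://localhost:30001", "user"))
}
```

In a gin route, the same decision would be taken on the value returned by auth.GetUserContext, answering with the returned status when it is not 200.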

Maintainer

This project is maintained by Greenbone AG

Contributing

Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.

License

Copyright (C) 2020-2023 Greenbone AG

Licensed under the GNU General Public License v3.0 or later.

Documentation

Index

Constants

This section is empty.

Variables

var Version = "0.2.1"

Functions

This section is empty.

Types

This section is empty.
