keycloak-auth-decorator

A simple keycloak-auth-decorator.

License

License

Categories

Categories

Net KeY Data Data Formats Formal Verification Keycloak Security
GroupId

GroupId

net.micedre.keycloak
ArtifactId

ArtifactId

keycloak-auth-decorator
Last Version

Last Version

1.1
Release Date

Release Date

Type

Type

jar
Description

Description

keycloak-auth-decorator
A simple keycloak-auth-decorator.
Project URL

Project URL

http://github.com/micedre/keycloak-auth-decorator
Source Code Management

Source Code Management

https://github.com/micedre/keycloak-auth-decorator/tree/master

Download keycloak-auth-decorator

How to add to project

<!-- https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/ -->
<dependency>
    <groupId>net.micedre.keycloak</groupId>
    <artifactId>keycloak-auth-decorator</artifactId>
    <version>1.1</version>
</dependency>
// https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/
implementation 'net.micedre.keycloak:keycloak-auth-decorator:1.1'
// https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/
implementation ("net.micedre.keycloak:keycloak-auth-decorator:1.1")
'net.micedre.keycloak:keycloak-auth-decorator:jar:1.1'
<dependency org="net.micedre.keycloak" name="keycloak-auth-decorator" rev="1.1">
  <artifact name="keycloak-auth-decorator" type="jar" />
</dependency>
@Grapes(
@Grab(group='net.micedre.keycloak', module='keycloak-auth-decorator', version='1.1')
)
libraryDependencies += "net.micedre.keycloak" % "keycloak-auth-decorator" % "1.1"
[net.micedre.keycloak/keycloak-auth-decorator "1.1"]

Dependencies

provided (3)

Group / Artifact Type Version
org.keycloak : keycloak-server-spi jar 12.0.4
org.keycloak : keycloak-server-spi-private jar 12.0.4
org.keycloak : keycloak-services jar 12.0.4

Project Modules

There are no modules declared in this project.

Keycloak Auth Decorator

Simple keycloak authenticator to add an attribute from an http json API to an authenticated user. The idea was to get user info from another source than the configured user storage. For example, it can be used to fetch info from github API...

How to install

Build the jar :

mvn package

Copy it in $keycloak/standalone/deployments

How to use

Add the http user decorator to authenticator flow ( ⚠️ you need to set it as required, so you will need to wrap the old authenticator config in a generic flow to set it both as required )

Don't forget to configure the new authenticator, for everything to work.

Configuration

name description
User attribute User attribute to fill with the value retrieved
Fetch Url Url to fetch, #username,#email and #secret are replaced with the corresponding values
Json Path Json expression to get the wanted value (should be in the form of JsonPointer expression)
Http headers Headers to send with the request (in the form <Header Name>:<Value>). The #secret expression in value is replaced with the config value.
Secret A secret to use in url or header (for a token, or other sensitive information). This field is write only.

How it works

This authenticator adds an user attribute by requesting an http api. The user attribute is refreshed everytime the authenticator is used.

Example

Let's say you want to retrieve information on your keycloak user from github (maybe to check their organizations or get their github avatar).

The github api publish an endpoint to search user by email here : https://api.github.com/search/users?q=email+in:email

In keycloak admin console, let's start by creating a new authtication flow with 2 executions :

  • User Password form
  • Http User decorator

The 2 executions are marked as Required, that way, we assure to execute both actions.

The Http User decorator is configured as follow :

key value
User Attribute github_login
Fetch Url https://api.github.com/search/users?q=#email+in:email
Json Path /items/0/login (we get the first result)

And we leave the others fields empty.

Then when authenticating an user, their email adress is searched on github and if found, a new attribute github_login is created for this user.

Versions

Version
1.1