keycloak-auth-decorator

A simple keycloak-auth-decorator.

License	License The Apache Software License, Version 2.0
Categories	Categories Net KeY Data Data Formats Formal Verification Keycloak Security
GroupId	GroupId net.micedre.keycloak
ArtifactId	ArtifactId keycloak-auth-decorator
Last Version	Last Version 1.1
Release Date	Release Date May 2, 2021
Type	Type jar
Description	Description keycloak-auth-decorator A simple keycloak-auth-decorator.
Project URL	Project URL http://github.com/micedre/keycloak-auth-decorator
Source Code Management	Source Code Management https://github.com/micedre/keycloak-auth-decorator/tree/master

Download keycloak-auth-decorator

Filename	Size
keycloak-auth-decorator-1.1.pom
keycloak-auth-decorator-1.1.jar	7 KB
keycloak-auth-decorator-1.1-sources.jar	5 KB
keycloak-auth-decorator-1.1-javadoc.jar	396 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/ -->
<dependency>
    <groupId>net.micedre.keycloak</groupId>
    <artifactId>keycloak-auth-decorator</artifactId>
    <version>1.1</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/
implementation 'net.micedre.keycloak:keycloak-auth-decorator:1.1'

Gradle Kotlin

// https://jarcasting.com/artifacts/net.micedre.keycloak/keycloak-auth-decorator/
implementation ("net.micedre.keycloak:keycloak-auth-decorator:1.1")

Apache Buildr

'net.micedre.keycloak:keycloak-auth-decorator:jar:1.1'

Apache Ivy

<dependency org="net.micedre.keycloak" name="keycloak-auth-decorator" rev="1.1">
  <artifact name="keycloak-auth-decorator" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='net.micedre.keycloak', module='keycloak-auth-decorator', version='1.1')
)

Scala SBT

libraryDependencies += "net.micedre.keycloak" % "keycloak-auth-decorator" % "1.1"

Leiningen

[net.micedre.keycloak/keycloak-auth-decorator "1.1"]

Dependencies

provided (3)

Group / Artifact	Type	Version
org.keycloak : keycloak-server-spi	jar	12.0.4
org.keycloak : keycloak-server-spi-private	jar	12.0.4
org.keycloak : keycloak-services	jar	12.0.4

Project Modules

There are no modules declared in this project.

Keycloak Auth Decorator

Simple keycloak authenticator to add an attribute from an http json API to an authenticated user. The idea was to get user info from another source than the configured user storage. For example, it can be used to fetch info from github API...

How to install

Build the jar :

mvn package

Copy it in $keycloak/standalone/deployments

How to use

Add the http user decorator to authenticator flow ( ⚠️ you need to set it as required, so you will need to wrap the old authenticator config in a generic flow to set it both as required )

Don't forget to configure the new authenticator, for everything to work.

Configuration

name	description
User attribute	User attribute to fill with the value retrieved
Fetch Url	Url to fetch, `#username`,`#email` and `#secret` are replaced with the corresponding values
Json Path	Json expression to get the wanted value (should be in the form of JsonPointer expression)
Http headers	Headers to send with the request (in the form `<Header Name>:<Value>`). The `#secret` expression in value is replaced with the config value.
Secret	A secret to use in url or header (for a token, or other sensitive information). This field is write only.

How it works

This authenticator adds an user attribute by requesting an http api. The user attribute is refreshed everytime the authenticator is used.

Example

Let's say you want to retrieve information on your keycloak user from github (maybe to check their organizations or get their github avatar).

The github api publish an endpoint to search user by email here : https://api.github.com/search/users?q=email+in:email

In keycloak admin console, let's start by creating a new authtication flow with 2 executions :

User Password form
Http User decorator

The 2 executions are marked as Required, that way, we assure to execute both actions.

The Http User decorator is configured as follow :

key	value
User Attribute	`github_login`
Fetch Url	`https://api.github.com/search/users?q=#email+in:email`
Json Path	`/items/0/login` (we get the first result)

And we leave the others fields empty.

Then when authenticating an user, their email adress is searched on github and if found, a new attribute github_login is created for this user.

Versions

Version
1.1 May 2, 2021

keycloak-auth-decorator

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Source Code Management