我正在尝试使用keycloft连接将Keycloft身份验证添加到我的ApolloServer。我已经设置了我的领域并从localhost:8080/auth登录。然而,我在上下文函数中从我的请求中获取kauth时遇到了问题
目前我有以下设置:
const kcConfig = {
clientId: process.env.KEYCLOAK_CLIENT_ID,
serverUrl: `localhost:808/auth`,
realm: process.env.KEYCLOAK_REALM,
realmPublicKey: process.env.KEYCLOAK_REALM_PUBLIC_KEY,
}
const memoryStore = new session.MemoryStore()
app.use(session({
secret: process.env.SESSION_SECRET_STRING || 'this should be a long secret',
resave: false,
saveUninitialized: true,
store: memoryStore
}))
const keycloak = new Keycloak({
store: memoryStore
}, kcConfig as any)
// Install general keycloak middleware
app.use(keycloak.middleware({
admin: graphqlPath
}))
// Protect the main route for all graphql services
// Disable unauthenticated access
app.use(graphqlPath, keycloak.middleware())
然后我尝试在如下上下文中访问req.kauth:
export interface GrantedRequest extends Request {
kauth : {grant?: Grant};
}
const server = new ApolloServer({
engine: {
graphVariant: "current"
},
context: ({req, res} : {
req: GrantedRequest,
res: any
}) => {
console.log(req.kauth) // this line prints an empty object
return {
req,
res,
kauth: req.auth
}
},
schema,
playground: {
settings: {
"request.credentials": "same-origin"
}
}
});
但是,我无法从我的请求中检索kauth属性。我该如何解决这个问题?
在定义受保护的资源之前,不会使用密钥斗篷身份验证。与中的注释进行比较https://github.com/keycloak/keycloak-nodejs-connect/blob/master/keycloak.js#L92
因为您只定义了keycloak.middleware()函数,并不意味着您的资源受到保护。
要实现登录并从密钥斗篷接收访问令牌,需要使用keycloak.protect()或keycloak.checkSso()或keycloak.enforcer()。因此,您必须将这些作为请求处理程序分配给任一URL
app.get('/proteced-resource', keycloak.protect())
或应用
app.use(keycloak.protect())。