Skip to content

greenbone/keycloak-client-golang

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Greenbone Logo

GitHub releases

Golang Keycloak Client

This repository contains a reusable connector for Keycloak.

Authorization

See auth/example_test.go for example usage or snippet below:

import "github.com/greenbone/keycloak-client-golang/auth"

func main() {
    realmInfo := auth.KeycloakRealmInfo{
        RealmId:               "user-management",             // keycloak realm name
        AuthServerInternalUrl: "http://keycloak:8080/auth",   // keycloak server internal url
        AuthServerPublicUrl:   "http://localhost:28080/auth", // keycloak server public url (jwt issuer)
    }
    
    authorizer, err := auth.NewKeycloakAuthorizer(realmInfo)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak token authorizer: %w", err))
        return
    }

    authMiddleware, err := auth.NewGinAuthMiddleware(authorizer.ParseRequest)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak auth middleware: %w", err))
        return
    }

    gin.SetMode(gin.TestMode)
    router := gin.Default()
    router.Use(authMiddleware) // wire up auth middleware

    router.GET("/test", func(c *gin.Context) {
        userContext, err := auth.GetUserContext(c)
        if err != nil {
            _ = c.AbortWithError(http.StatusInternalServerError, err)
            return
        }

        c.String(http.StatusOK, fmt.Sprintf("%#v", userContext))
        // Output:
        //
        // &auth.UserContext{
        //     Realm: "user-management", 
        //     UserID: "1927ed8a-3f1f-4846-8433-db290ea5ff90", 
        //     UserName: "initial", 
        //     EmailAddress: "[email protected]", 
        //     Roles: []string{""offline_access", "uma_authorization", "user", "default-roles-user-management"}, 
        //     Groups: []string{"user-management-initial"}, 
        //     AllowedOrigins: []string{"http://localhost:3000"},
        // }
    })
}

Steps:

  • create a realm info struct with realm id and keycloak internal url (inside docker/k8s) from environment variables,
  • create keycloak authorizer via auth.NewKeycloakAuthorizer and pass the realm info,
  • create gin middleware via auth.NewGinAuthMiddleware with ParseRequest method of the authorizer. It will check Authorization header for the bearer token and Origin header for an allowed origin. It will put decoded claims into gin context
  • wire up auth middleware to routes you decide
  • inside routes use auth.GetUserContext to get decoded token claims as a user context object from gin context

Maintainer

This project is maintained by Greenbone AG

Contributing

Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.

License

Copyright (C) 2020-2023 Greenbone AG

Licensed under the GNU General Public License v3.0 or later.