keycloak.js
"use strict";
const axios = require("axios");
const _ = require("lodash");
const util = require("./utils");
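/**
 * Client for a Keycloak admin API that adds or removes the application's
 * redirect URI on one Keycloak client, authenticating as a service account
 * whose credentials are read through `util.getSecret`.
 */
module.exports = class KeyCloakClient {
  /**
   * @param {object} settings - Pipeline settings; `settings.phases` and
   *   `settings.options` are stored as-is.
   * @param {object} oc - Passed through to `util.getSecret` when the
   *   service-account secret is read.
   */
  constructor(settings, oc) {
    this.phases = settings.phases;
    this.options = settings.options;
    this.oc = oc;
    // The managed redirect URI is always built from the dev phase host.
    this.appHost = this.phases.dev.host;
  }

  /**
   * Loads the service-account secret, builds the API paths, creates the axios
   * instance and installs a bearer token obtained with the client-credentials
   * grant.
   *
   * @returns {Promise<void>}
   * @throws {Error} When the secret is incomplete or no access token is returned.
   */
  async init() {
    this.getSecrets();
    this.apiTokenPath = `/auth/realms/${this.realmId}/protocol/openid-connect/token`;
    this.appClientPath = `auth/admin/realms/${this.realmId}/clients/${this.appClientId}`;
    this.api = axios.create({
      baseURL: `https://${this.ssoHost}`,
    });
    const token = await this.getAccessToken();
    // The token is a credential: it lives only on the axios defaults and is never logged.
    this.api.defaults.headers.common = {
      Authorization: `Bearer ${token}`,
    };
  }

  /**
   * Reads the "keycloak-service-account" secret from the build namespace and
   * base64-decodes its fields onto the instance.
   *
   * All five fields are required: `realmId` and `host` are interpolated into
   * the request URLs, so an empty value would send the client credentials to
   * a malformed or unintended endpoint instead of failing here.
   *
   * @throws {Error} When the secret or any required field is missing or empty.
   */
  getSecrets() {
    const secret =
      util.getSecret(
        this.oc,
        this.phases.build.namespace,
        "keycloak-service-account"
      ) || {};
    // A missing field decodes to "" so that it reaches the validation below
    // rather than surfacing as an opaque TypeError from Buffer.from.
    const decode = (value) =>
      typeof value === "string" ? Buffer.from(value, "base64").toString() : "";

    this.clientId = decode(secret.clientId);
    this.clientSecret = decode(secret.clientSecret);
    this.appClientId = decode(secret.appClientId);
    this.realmId = decode(secret.realmId);
    this.ssoHost = decode(secret.host);

    const required = [
      this.clientId,
      this.clientSecret,
      this.appClientId,
      this.realmId,
      this.ssoHost,
    ];
    if (required.some((value) => !value)) {
      // The message deliberately names no values, so secrets never reach the logs.
      throw new Error(
        "Unable to retrieve Keycloak service account info from OpenShift"
      );
    }
  }

  /**
   * Requests an access token with the client-credentials grant, sending the
   * service-account id and secret as HTTP basic auth.
   *
   * @returns {Promise<string>} The access token.
   * @throws {Error} When the response carries no `access_token`.
   */
  async getAccessToken() {
    const response = await this.api.post(
      this.apiTokenPath,
      "grant_type=client_credentials",
      {
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
        auth: {
          username: this.clientId,
          password: this.clientSecret,
        },
      }
    );
    if (!response.data.access_token) {
      throw new Error(
        "Unable to retrieve Keycloak service account access token"
      );
    }
    return response.data.access_token;
  }

  /**
   * Fetches the client representation from the admin API.
   *
   * @returns {Promise<{data: object, redirectUris: string[]}>} A shallow copy
   *   of the client representation and its redirect URI list (an empty list
   *   when the response has none).
   */
  async getUris() {
    const response = await this.api.get(this.appClientPath);
    const data = { ...response.data };
    const redirectUris = Array.isArray(data.redirectUris)
      ? data.redirectUris
      : [];
    return { data, redirectUris };
  }

  /**
   * Adds `https://<appHost>/*` to the client's redirect URIs unless an entry
   * containing the host is already present.
   *
   * Only `redirectUris` is sent in the update, although the log messages also
   * mention WebOrigins.
   *
   * @returns {Promise<void>} Resolves once the update has completed or was skipped.
   */
  async addUris() {
    await this.init();
    console.log("Attempting to add RedirectUri and WebOrigins");
    const { data, redirectUris } = await this.getUris();
    // NOTE(review): this is a substring test, so a different host whose name
    // contains appHost also counts as present. Comparing the parsed URL host
    // would be stricter.
    const hasRedirectUris = redirectUris.some((item) =>
      item.includes(this.appHost)
    );
    if (hasRedirectUris) {
      console.log("RedirectUri and WebOrigins add skipped.");
      return;
    }
    const putData = {
      id: data.id,
      clientId: data.clientId,
      // The trailing wildcard allows redirects to any path on this host.
      redirectUris: [...redirectUris, `https://${this.appHost}/*`],
    };
    // Awaited so a failed update rejects this call instead of being left as
    // an unhandled rejection after the method has already returned.
    await this.api.put(this.appClientPath, putData);
    console.log("RedirectUri and WebOrigins added.");
  }

  /**
   * Removes every redirect URI containing the application host from the
   * client. The method name keeps its original spelling for existing callers.
   *
   * Only `redirectUris` is sent in the update, although the log messages also
   * mention WebOrigins.
   *
   * @returns {Promise<void>} Resolves once the update has completed or was skipped.
   */
  async remmoveUris() {
    await this.init();
    console.log("Attempting to remove RedirectUri and WebOrigins");
    const { data, redirectUris } = await this.getUris();
    // NOTE(review): substring matching can also drop entries that belong to
    // another host whose name contains appHost. Confirm this cannot happen
    // with the host naming scheme in use.
    const remaining = redirectUris.filter(
      (item) => !item.includes(this.appHost)
    );
    if (remaining.length === redirectUris.length) {
      console.log("RedirectUri and WebOrigins remove skipped.");
      return;
    }
    const putData = {
      id: data.id,
      clientId: data.clientId,
      redirectUris: remaining,
    };
    // Awaited so a failed update is reported to the caller.
    await this.api.put(this.appClientPath, putData);
    console.log("RedirectUri and WebOrigins removed.");
  }
};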