[KEYCLOAK-10304] Configure JS Adapter to use PKCE for new Account Management

This commit is contained in:
Bruno Oliveira da Silva 2020-01-20 18:09:50 -03:00 committed by Stan Silvert
parent 6eb6418208
commit 22bd945332
2 changed files with 72 additions and 19 deletions

View file

@ -98,7 +98,7 @@
realm: realm,
clientId: 'account-console'
});
keycloak.init({onLoad: 'check-sso'}).success(function(authenticated) {
keycloak.init({onLoad: 'check-sso', pkceMethod: 'S256'}).success(function(authenticated) {
isReactLoading = true;
toggleReact();
if (!keycloak.authenticated) {

View file

@ -24,9 +24,9 @@ export = Keycloak;
/**
* Creates a new Keycloak client instance.
* @param config Path to a JSON config file or a plain config object.
* @param config A configuration object or path to a JSON config file.
*/
declare function Keycloak(config?: string|{}): Keycloak.KeycloakInstance;
declare function Keycloak<TPromise extends Keycloak.KeycloakPromiseType = 'legacy'>(config?: Keycloak.KeycloakConfig | string): Keycloak.KeycloakInstance<TPromise>;
declare namespace Keycloak {
type KeycloakAdapterName = 'cordova' | 'cordova-native' |'default' | any;
@ -34,11 +34,29 @@ declare namespace Keycloak {
type KeycloakResponseMode = 'query'|'fragment';
type KeycloakResponseType = 'code'|'id_token token'|'code id_token token';
type KeycloakFlow = 'standard'|'implicit'|'hybrid';
type KeycloakPromiseType = 'native'
type KeycloakPromiseType = 'legacy' | 'native';
type KeycloakPkceMethod = 'S256';
interface KeycloakConfig {
/**
* URL to the Keycloak server, for example: http://keycloak-server/auth
*/
url?: string;
/**
* Name of the realm, for example: 'myrealm'
*/
realm: string;
/**
* Client identifier, example: 'myapp'
*/
clientId: string;
}
interface KeycloakInitOptions {
/**
* @private Undocumented.
* Adds a [cryptographic nonce](https://en.wikipedia.org/wiki/Cryptographic_nonce)
* to verify that the authentication response matches the request.
* @default true
*/
useNonce?: boolean;
@ -105,6 +123,13 @@ declare namespace Keycloak {
*/
redirectUri?: string;
/**
* Specifies an uri to redirect to after silent check-sso.
* Silent check-sso will only happen, when this redirect uri is given and
* the specified uri is available whithin the application.
*/
silentCheckSsoRedirectUri?: string;
/**
* Set the OpenID Connect flow.
* @default standard
@ -112,11 +137,32 @@ declare namespace Keycloak {
flow?: KeycloakFlow;
/**
* Set the promise type. If set to `'native'` all methods returning a promise
* will return a native JavaScript promise. If not set will return
* Keycloak specific promise objects.
* Set the promise type. If set to `native` all methods returning a promise
* will return a native JavaScript promise. If not not specified then
* Keycloak specific legacy promise objects will be returned instead.
*
* Since native promises have become the industry standard it is highly
* recommended that you always specify `native` as the promise type.
*
* Note that in upcoming versions of Keycloak the default will be changed
* to `native`, and support for legacy promises will eventually be removed.
*
* @default legacy
*/
promiseType?: KeycloakPromiseType;
/**
* Configures the Proof Key for Code Exchange (PKCE) method to use.
* The currently allowed method is 'S256'.
* If not configured, PKCE will not be used.
*/
pkceMethod?: KeycloakPkceMethod;
/**
* Enables logging messages from Keycloak to the console.
* @default false
*/
enableLogging?: boolean
}
interface KeycloakLoginOptions {
@ -230,8 +276,8 @@ declare namespace Keycloak {
nonce?: string;
sub?: string;
session_state?: string;
realm_access?: { roles: string[] };
resource_access?: string[];
realm_access?: KeycloakRoles;
resource_access?: KeycloakResourceAccess;
}
interface KeycloakResourceAccess {
@ -244,11 +290,18 @@ declare namespace Keycloak {
// export interface KeycloakUserInfo {}
/**
* Conditional CompatPromise type in order to support
* both legacy promises and native promises as return types.
*/
type CompatPromise<TPromiseType extends KeycloakPromiseType, TSuccess, TError> =
TPromiseType extends 'native' ? Promise<TSuccess> : KeycloakPromise<TSuccess, TError>;
/**
* A client for the Keycloak authentication server.
* @see {@link https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/javascript-adapter.html|Keycloak JS adapter documentation}
*/
interface KeycloakInstance {
interface KeycloakInstance<TPromise extends KeycloakPromiseType = 'legacy'> {
/**
* Is true if the user is authenticated, false otherwise.
*/
@ -413,32 +466,32 @@ declare namespace Keycloak {
* @param initOptions Initialization options.
* @returns A promise to set functions to be invoked on success or error.
*/
init(initOptions: KeycloakInitOptions): KeycloakPromise<boolean, KeycloakError>;
init(initOptions: KeycloakInitOptions): CompatPromise<TPromise, boolean, KeycloakError>;
/**
* Redirects to login form.
* @param options Login options.
*/
login(options?: KeycloakLoginOptions): KeycloakPromise<void, void>;
login(options?: KeycloakLoginOptions): CompatPromise<TPromise, void, void>;
/**
* Redirects to logout.
* @param options Logout options.
* @param options.redirectUri Specifies the uri to redirect to after logout.
*/
logout(options?: any): KeycloakPromise<void, void>;
logout(options?: any): CompatPromise<TPromise, void, void>;
/**
* Redirects to registration form.
* @param options Supports same options as Keycloak#login but `action` is
* set to `'register'`.
*/
register(options?: any): KeycloakPromise<void, void>;
register(options?: any): CompatPromise<TPromise, void, void>;
/**
* Redirects to the Account Management Console.
*/
accountManagement(): KeycloakPromise<void, void>;
accountManagement(): CompatPromise<TPromise, void, void>;
/**
* Returns the URL to login form.
@ -490,7 +543,7 @@ declare namespace Keycloak {
* alert('Failed to refresh the token, or the session has expired');
* });
*/
updateToken(minValidity: number): KeycloakPromise<boolean, boolean>;
updateToken(minValidity: number): CompatPromise<TPromise, boolean, boolean>;
/**
* Clears authentication state, including tokens. This can be useful if
@ -517,11 +570,11 @@ declare namespace Keycloak {
* Loads the user's profile.
* @returns A promise to set functions to be invoked on success or error.
*/
loadUserProfile(): KeycloakPromise<KeycloakProfile, void>;
loadUserProfile(): CompatPromise<TPromise, KeycloakProfile, void>;
/**
* @private Undocumented.
*/
loadUserInfo(): KeycloakPromise<{}, void>;
loadUserInfo(): CompatPromise<TPromise, {}, void>;
}
}