Keycloak OAuth Flow in Meteor
Requires meteor 1.4.1.1
A framework-agnostic Keycloak authentication handshake for Meteor.
Installation from Atmosphere:
meteor add procempa:keycloak-auth
Example Using Blaze Html Templates Package
Template.login.onCreated(function configureKeycloak() {
  // Client-side Keycloak settings. Template code runs in the browser, so
  // everything in this object is visible to users: keep it to public
  // identifiers (realm name, server URL, client id) and never place a
  // client secret here.
  const keycloakConfig = {
    realm: 'CHANGE_REALM',
    url: 'CHANGE_URL',
    clientId: 'CHANGE_CLIENT_ID',
  };

  Meteor.Keycloak.config = keycloakConfig;
});
Template.login.events({
  // Start the Keycloak login flow when the template's button is clicked.
  // The handler deliberately returns nothing, as in the original.
  'click button': function onLoginClick() {
    Meteor.Keycloak.login();
  },
});
Template.logout.events({
  // End the Keycloak session when the template's button is clicked.
  // The handler deliberately returns nothing, as in the original.
  'click button': function onLogoutClick() {
    Meteor.Keycloak.logout();
  },
});
Template.restrictedMethod.events({
  /**
   * On click, check the user's role and, if the check passes, invoke the
   * server method `callRestrictedMethod`.
   *
   * The role check here runs in the browser and only decides what the UI
   * does. It is not an access control: DDP methods can be called by any
   * connected client, so the server method has to repeat the check itself.
   */
  'click button': function onRestrictedMethodClick() {
    // Any truthy result is reported as success, so the server method must
    // signal a denial with an error rather than with a return value.
    const handleMethodResult = (error, result) => {
      if (error) {
        console.log('error', error);
      }
      if (result) {
        alert('Success');
      }
    };

    const invokeMethod = () => {
      Meteor.call('callRestrictedMethod', handleMethodResult);
    };

    // Runs only when isInRole() rejects.
    const reportDenied = () => {
      alert('Permission denied');
    };

    Meteor.Keycloak.isInRole('YOUR_ROLE', 'client').then(invokeMethod, reportDenied);
  },
});
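Template.restrictedSubscribe.events({
  /**
   * On click, check the user's role and, if the check passes, subscribe to
   * the `retricted_publish` publication.
   *
   * The role check here runs in the browser and only decides what the UI
   * does; the publication must enforce the role on the server. The original
   * registered only a ready callback, so a server-side denial was silent.
   * The callbacks object adds `onStop`, which Meteor calls with an error
   * when the server terminates the subscription.
   */
  'click button': function onRestrictedSubscribeClick() {
    const subscribe = () => {
      Meteor.subscribe('retricted_publish', {
        onReady() {
          console.log('SUBSCRIBED');
        },
        onStop(error) {
          // onStop also fires without an error on a normal stop.
          if (error) {
            console.log('error', error);
          }
        },
      });
    };

    // Runs only when isInRole() rejects.
    const reportDenied = () => {
      alert('Permission denied');
    };

    Meteor.Keycloak.isInRole('YOUR_ROLE', 'client').then(subscribe, reportDenied);
  },
});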
Example in Meteor Server
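First create a file at /private/keycloak[-dev|-hom|-pro].json containing your Keycloak client installation settings (Meteor exposes files under /private only to server code). For "ssl-required", Keycloak accepts "all", "external" or "none"; avoid "none" outside local development. For example: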
{
"realm": "CHANGE_REALM",
"realm-public-key": "CHANGE_PUBLIC_KEY",
"auth-server-url": "CHANGE_URL",
"ssl-required": "CHANGE_SSL_REQUIRED",
"resource": "CHANGE_RESOURCE",
"public-client": true,
"use-resource-role-mappings": true
}
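You can then use the role check in your publications or methods. These server-side checks are what actually enforce access; the client-side checks above only decide what the UI shows. For example: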
import { Meteor } from 'meteor/meteor';
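Meteor.methods({
  /**
   * Server-side, role-gated method.
   *
   * Fixes relative to the original listing:
   *  - removes the stray `)` after the isInRole() call, which was a syntax
   *    error;
   *  - returns the promise chain, so the method result depends on the role
   *    check (the original dropped it and always returned undefined);
   *  - signals a denial by throwing Meteor.Error(403) instead of returning
   *    the truthy string 'UNAUTHORIZED', which a client testing
   *    `if (result)` would treat as success.
   *
   * @returns {Promise<string>} resolves to 'AUTHORIZED' when the role check
   *   passes.
   * @throws {Meteor.Error} 403 'UNAUTHORIZED' when the role check rejects.
   */
  callRestrictedMethod() {
    // NOTE(review): assumes this Meteor release waits for a promise returned
    // from a method before replying to the client. Confirm for the pinned
    // version; otherwise block on it with Promise.await() instead.
    return Meteor.Keycloak
      .isInRole('YOUR_ROLE', 'SCOPE (CLIENT OR REALM)')
      .then(
        () => 'AUTHORIZED',
        () => {
          // Fail closed: any rejection from the role check is a denial.
          throw new Meteor.Error(403, 'UNAUTHORIZED');
        }
      );
  },
});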
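/**
 * Role-gated publication.
 *
 * Fixes relative to the original listing:
 *  - removes the stray `)` after the isInRole() call, which was a syntax
 *    error;
 *  - waits for the role check before returning. The original returned the
 *    cursor from inside a `.then()` callback, so the publish function itself
 *    returned undefined and the cursor was never published. Its `throw` ran
 *    inside the promise, where it could not reach the subscriber.
 *
 * A rejected role check ends the subscription with Meteor.Error(403).
 */
Meteor.publish('retricted_publish', function restrictedPublish() {
  try {
    // NOTE(review): Promise.await is Meteor's server-side (fiber-based)
    // helper that blocks until the promise settles; confirm it is available
    // in the pinned Meteor release.
    Promise.await(
      Meteor.Keycloak.isInRole('YOUR_ROLE', 'SCOPE (CLIENT OR REALM)')
    );
  } catch (error) {
    // Fail closed: any rejection from the role check is a denial.
    throw new Meteor.Error(403, 'UNAUTHORIZED');
  }

  // Reached only when the role check passed.
  return YourColletion.find();
});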