keycloak-express-middleware 6.0.1 → 6.0.3

package/README.md

@@ -26,7 +26,7 @@ application scope.  By moving to this new ***one instance = one client*** model,
  - isolating middleware logic per client without risking cross-contamination of sessions or grants, 
  - simplifying multitenancy or micro-service architectures where different parts of an app authenticate against different Keycloak clients. 
  
-**To summarize:** the new version enables multi-client usage within the same app by turning the middleware into configurable,
+**To summarize:** the new version (4.0.0+) enables multi-client usage within the same app by turning the middleware into configurable,
 independent object instances — something that the earlier version did not support.
 
 ### 🏗️ Migration Guide: From Old to New Version
@@ -55,15 +55,15 @@ await keycloackAdapter.configure(app,{
     });
 
 // Example of protection with keycloackAdapter.protectMiddleware middleware
-// whith a static client role validation string
+// with a static client role validation string
 // Access is allowed only for authenticated admin users
 app.get('/privateStaticClientRole', keycloackAdapter.protectMiddleware("admin"), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin.");
+    res.send("You are an admin.");
 });
 ```
 
-🆕 New Version (Object-Oriented Design) Up to 4.0.0
+🆕 New Version (Object-Oriented Design) - Version 4.0.0+
 
 ```js
 // NEW VERSION STARTING FROM 4.0.0
@@ -108,12 +108,12 @@ const keycloakB = new keycloackAdapter(app,{
 
 
 // Example protected routes
-app.get('/clientA/secure', keycloakA.protect(), (req, res) => {
-res.send('Protected route for Client A');
+app.get('/clientA/secure', keycloakA.protectMiddleware(), (req, res) => {
+    res.send('Protected route for Client A');
 });
 
-app.get('/clientB/secure', keycloakB.protect(), (req, res) => {
-res.send('Protected route for Client B');
+app.get('/clientB/secure', keycloakB.protectMiddleware(), (req, res) => {
+    res.send('Protected route for Client B');
 });
 
 app.listen(3000, () => console.log('Server running on port 3000'));
@@ -148,18 +148,20 @@ the Keycloak Admin Console → clients (left sidebar) → choose your client →
 ## 📄 Usage Example
 ```js
 const express = require('express');
-const keycloackAdapterClass = require('keycloak-express-middleware'); // import keycloackAdapter from 'keycloak-express-middleware';
+// CommonJS - Default import
+const keycloackAdapter = require('keycloak-express-middleware');
+
+// ES6 - Named import (recommended for clarity)
+// import { keycloackAdapter } from 'keycloak-express-middleware';
 
-/*
-Old Style up to version 3.0.9
-const keycloackAdapter = require('keycloak-express-middleware'); // import keycloackAdapter from 'keycloak-express-middleware';
- */
+// ES6 - Default import
+// import keycloackAdapter from 'keycloak-express-middleware';
 
 const app = express();
 
 
 // Configure and Initialize Keycloak adapter
-keycloackAdapter= new keycloackAdapterClass(app,{
+const keycloakInstance = new keycloackAdapter(app,{
         "realm": "Realm-Project",
         "auth-server-url": "https://YourKeycloakUrl:30040/",
         "ssl-required": "external",
@@ -175,28 +177,6 @@ keycloackAdapter= new keycloackAdapterClass(app,{
         }
     });
 
-/*
-OLD STYLE UP TO VERSION 3.0.9
-// Configure and Initialize Keycloak adapter
-await keycloackAdapter.configure(app,{
-        "realm": "Realm-Project",
-        "auth-server-url": "https://YourKeycloakUrl:30040/",
-        "ssl-required": "external",
-        "resource": "keycloackclientName",
-        "credentials": {
-            "secret": "aaaaaaaaaa"
-        },
-        "confidential-port": 0
-    },
-    {
-        session:{
-            secret: 'mySecretForSession',
-        }
-    });
-*/
-
-
-
 // -------------- Public route  -----------------------
 app.get('/', (req, res) => {
   res.send('Public route: no authentication required');
@@ -205,100 +185,100 @@ app.get('/', (req, res) => {
 
 /* ############## Protected routes (any authenticated user) ###########  */
 
-// Example of login with keycloackAdapter.login function
+// Example of login with keycloakInstance.login function
 // After login redirect to "/home" 
 app.get('/signIn', (req, res) => {
     console.log("Your Custom Code");
-    keycloackAdapter.login(req,res,"/home")
+    keycloakInstance.login(req,res,"/home")
 
 });
 
-// Example of login with keycloackAdapter.loginMiddleware middleware
+// Example of login with keycloakInstance.loginMiddleware middleware
 // After login redirect to "/home" 
-app.get('/loginMiddleware', keycloackAdapter.loginMiddleware("/home") ,(req, res) => {
+app.get('/loginMiddleware', keycloakInstance.loginMiddleware("/home") ,(req, res) => {
     // Response handled by middleware, this section will never be reached.
 });
 
-// Example of logout with keycloackAdapter.logout function
+// Example of logout with keycloakInstance.logout function
 // After login redirect to "http://localhost:3001/home" 
 app.get('/logout', (req, res) => {
     console.log("Your Custom Code");
-    keycloackAdapter.logout(req,res,"http://localhost:3001/home");
+    keycloakInstance.logout(req,res,"http://localhost:3001/home");
 });
 
-// Example of logout with keycloackAdapter.logoutMiddleware middleware
+// Example of logout with keycloakInstance.logoutMiddleware middleware
 // After login redirect to "http://localhost:3001/home"
-app.get('/logoutMiddle', keycloackAdapter.logoutMiddleware("http://redirctUrl"), (req, res) => {
+app.get('/logoutMiddle', keycloakInstance.logoutMiddleware("http://redirctUrl"), (req, res) => {
     // Response handled by middleware, this section will never be reached.
 });
 
 
-// Example of protection with keycloackAdapter.protectMiddleware middleware
+// Example of protection with keycloakInstance.protectMiddleware middleware
 // Access is allowed only for authenticated users
-app.get('/private', keycloackAdapter.protectMiddleware(), (req, res) => {
+app.get('/private', keycloakInstance.protectMiddleware(), (req, res) => {
     console.log("Your Custom Code");
     console.log( req.session);
     res.redirect('/auth');
 });
 
-// Example of protection with keycloackAdapter.protectMiddleware middleware
-// whith a static client role validation string
+// Example of protection with keycloakInstance.protectMiddleware middleware
+// with a static client role validation string
 // Access is allowed only for authenticated admin users
-app.get('/privateStaticClientRole', keycloackAdapter.protectMiddleware("admin"), (req, res) => {
+app.get('/privateStaticClientRole', keycloakInstance.protectMiddleware("admin"), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin.");
+    res.send("You are an admin.");
 });
 
-// Example of protection with keycloackAdapter.protectMiddleware middleware
-// whith a static realm role validation string
+// Example of protection with keycloakInstance.protectMiddleware middleware
+// with a static realm role validation string
 // Access is allowed only for authenticated realm admin users
-app.get('/privateStaticRealmRole', keycloackAdapter.protectMiddleware("realm:admin"), (req, res) => {
+app.get('/privateStaticRealmRole', keycloakInstance.protectMiddleware("realm:admin"), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin realm:admin.");
+    res.send("You are a realm admin.");
 });
 
-// Example of protection with keycloackAdapter.protectMiddleware middleware
-// whith a static other client role validation string
+// Example of protection with keycloakInstance.protectMiddleware middleware
+// with a static other client role validation string
 // Access is allowed only for authenticated otherClient admin users
-app.get('/privateStaticRealmRole', keycloackAdapter.protectMiddleware("otherClient:admin"), (req, res) => {
+app.get('/privateStaticRealmRole', keycloakInstance.protectMiddleware("otherClient:admin"), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin otherClient:admin.");
+    res.send("You are an admin of otherClient.");
 });
 
-// Example of protection with keycloackAdapter.protectMiddleware middleware
-// whith a control function tmpFunction
+// Example of protection with keycloakInstance.protectMiddleware middleware
+// with a control function tmpFunction
 // Access is allowed only for authenticated admin users
 let tmpFunction=function (token, req) {
     return token.hasRole('admin');
 }
-app.get('/isAdmin', keycloackAdapter.protectMiddleware(tmpFunction), (req, res) => {
+app.get('/isAdmin', keycloakInstance.protectMiddleware(tmpFunction), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin tmpFunction.");
+    res.send("You are an admin (verified by tmpFunction).");
 });
 
 
-// Example of protection with keycloackAdapter.customProtectMiddleware middleware
-// whith a control function tmpFunctionString
+// Example of protection with keycloakInstance.customProtectMiddleware middleware
+// with a control function tmpFunctionString
 // Access is allowed only for authenticated users with role defined by tmpFunctionString
 let tmpFunctionString=function (req,res) {
     let id=req.params.id
     // Control String by url param Id 
     return (`${id}`);
 }
-app.get('/:id/isAdmin', keycloackAdapter.customProtectMiddleware(tmpFunctionString), (req, res) => {
+app.get('/:id/isAdmin', keycloakInstance.customProtectMiddleware(tmpFunctionString), (req, res) => {
     // "Your Custom Code"
-    res.send("Is its admin tmpFunctionString.");
+    res.send("You are an admin (verified by tmpFunctionString).");
 });
 
 
-// Example of protection with keycloackAdapter.encodeTokenRole middleware
+// Example of protection with keycloakInstance.encodeTokenRole middleware
 // Encode the token and add it to req.encodedTokenRole
 // Use req.encodedTokenRole.hasRole("role") to check whether the token has that role or not
-app.get('/encodeToken', keycloackAdapter.encodeTokenRole(), (req, res) => {
+app.get('/encodeToken', keycloakInstance.encodeTokenRole(), (req, res) => {
     if(req.encodedTokenRole.hasRole('realm:admin'))
-        res.send("Is its a realm admin");
+        res.send("You are a realm admin");
     else
-        res.send("Is its'n a realm admin");
+        res.send("You are not a realm admin");
 
 });
 
@@ -309,18 +289,18 @@ app.get('/encodeToken', keycloackAdapter.encodeTokenRole(), (req, res) => {
 // #####################################################################################
 
 
-// Example of protection with keycloackAdapter.enforcerMiddleware middleware
-// whith a static control string
+// Example of protection with keycloakInstance.enforcerMiddleware middleware
+// with a static control string
 // Access is allowed only for users with 'ui-admin-resource' permission defined 
 // in keycloak
-app.get('/adminResource', keycloackAdapter.enforcerMiddleware('ui-admin-resource'), (req, res) => {
+app.get('/adminResource', keycloakInstance.enforcerMiddleware('ui-admin-resource'), (req, res) => {
     // If this section is reached, the user has the required privileges; 
     // otherwise, the middleware responds with a 403 Access Denied.
     res.send('You are an authorized ui-admin-resource User');
 });
 
-// Example of protection with keycloackAdapter.enforcerMiddleware middleware
-// whith a control function tmpFunctionEnforceValidation
+// Example of protection with keycloakInstance.enforcerMiddleware middleware
+// with a control function tmpFunctionEnforceValidation
 // Access is allowed only for users with 'ui-admin-resource' or
 // ui-viewer-resource permission defined in keycloak
 let tmpFunctionEnforceValidation=function (token,req,callback) {
@@ -335,7 +315,7 @@ let tmpFunctionEnforceValidation=function (token,req,callback) {
         }));
     }));
 }
-app.get('/adminOrViewerResorce', keycloackAdapter.enforcerMiddleware(tmpFunctionEnforceValidation), (req, res) => {
+app.get('/adminOrViewerResorce', keycloakInstance.enforcerMiddleware(tmpFunctionEnforceValidation), (req, res) => {
     // If this section is reached, the user has the required privileges 
     // driven by tmpFunctionEnforceValidation; otherwise, the middleware responds
     // with a 403 Access Denied.
@@ -343,27 +323,27 @@ app.get('/adminOrViewerResorce', keycloackAdapter.enforcerMiddleware(tmpFunction
 });
 
 
-// Example of protection with keycloackAdapter.customEnforcerMiddleware middleware
-// whith a control function tmpFunctionEnforce that define the control string
+// Example of protection with keycloakInstance.customEnforcerMiddleware middleware
+// with a control function tmpFunctionEnforce that define the control string
 // Access is allowed only for users with a url params ':permission' permission defined 
 // in keycloak
 let tmpFunctionEnforce=function (req,res) {
     // Permission that depends on a URL parameter.
     return(req.params.permission);
 }
-app.get('/urlParameterPermission/:permission', keycloackAdapter.customEnforcerMiddleware(tmpFunctionEnforce), (req, res) => {
+app.get('/urlParameterPermission/:permission', keycloakInstance.customEnforcerMiddleware(tmpFunctionEnforce), (req, res) => {
     res.send(`You are an authorized User with ${req.params.permission} permission`);
 });
 
-// Example of protection with keycloackAdapter.encodeTokenPermission middleware
-// Encode the token permission and add it to req.encodedTokenPremission
-// Use req.encodedTokenPremission.hasPermission("permission") to check whether
+// Example of protection with keycloakInstance.encodeTokenPermission middleware
+// Encode the token permission and add it to req.encodedTokenPermission
+// Use req.encodedTokenPermission.hasPermission("permission") to check whether
 // the token has that permission or not
-app.get('/encodeTokenPermission', keycloackAdapter.encodeTokenPermission(), (req, res) => {
+app.get('/encodeTokenPermission', keycloakInstance.encodeTokenPermission(), (req, res) => {
     // Check permission using token.hasPermission, which performs the verification
     // and responds with a callback that returns true if the permission is valid, 
     // and false otherwise.
-    req.encodedTokenPremission.hasPermission('ui-admin-resource', function(permission){
+    req.encodedTokenPermission.hasPermission('ui-admin-resource', function(permission){
         if(permission)
             res.send('You are an authorized User by ui-admin-resource permission');
         else res.status(403).send("access Denied");
@@ -395,24 +375,60 @@ a login or error page.
 ### Example 1 — Custom Access Denied Page
 
 ```js
-import responseinterceptor from 'responseinterceptor';
-import keycloakMiddleware from 'keycloak-express-middleware';
+const responseinterceptor = require('responseinterceptor');
+const keycloackAdapter = require('keycloak-express-middleware');
+
+const app = express();
+const keycloakInstance = new keycloackAdapter(app, keyCloakConfig, keyCloakOptions);
 
 
 function tmpInterceptor(req, respond) {
-    // Handling Unauthorized Access (401/403) Gracefully
-  respond(200, '<h1>Access Denied</h1><p>You are not authorized to view this page.</p>');
+    /**
+     * Gracefully handles unauthorized access (401/403).
+     *
+     * This interceptor is executed when a protected route returns
+     * a forbidden status code. Instead of letting the browser show
+     * a blank page with the text "access_denied", it renders a
+     * user-friendly "access-denied" view.
+     *
+     * How it works:
+     * - Uses `req.app.render()` to generate HTML from the EJS template
+     *   without sending it directly to the client.
+     * - If rendering succeeds, the generated HTML is passed to `respond()`,
+     *   which replaces the original 403 response body with our custom page.
+     * - If rendering fails, a fallback HTML message is provided.
+     */
+
+    req.app.render('access-denied', {}, (err, html) => {
+        if (!err) {
+            // Successfully rendered the template → return the generated HTML
+            respond(200, html);
+        } else {
+            // Fallback: template error → send a simple HTML message instead
+            respond(
+                200,
+                '<h1>Access Denied</h1><p>You are not authorized to view this page.</p>'
+            );
+        }
+    });
 }
 
-// if protectMiddleware('role') return a 403 with keycloak blank page then 
-// interceptByStatusCode Handle Unauthorized Access (401/403) Gracefully
+// Route example showing how to gracefully handle 403 responses produced by Keycloak
+//
+// If `protectMiddleware('role')` denies access, Keycloak normally returns a 
+// plain "access_denied" message on a blank page. 
+//
+// By placing `interceptByStatusCode(403, tmpInterceptor)` BEFORE the protectMiddleware,
+// we intercept the 403 response generated by Keycloak and replace it with a
+// custom HTML page (e.g. an EJS template) instead of the default blank output.
+
 app.get(
-  '/test403',
-  responseinterceptor.interceptByStatusCode(403, tmpInterceptor),
-  keycloakMiddleware.protectMiddleware('role'),
-  (req, res) => {
-    res.render('welcome');
-  }
+    '/test403',
+    responseinterceptor.interceptByStatusCode(403, tmpInterceptor),
+    keycloakInstance.protectMiddleware('role'),
+    (req, res) => {
+        res.render('welcome');
+    }
 );
 ```
 
@@ -420,58 +436,91 @@ app.get(
 
 ```js
 function tmpInterceptorDinamic(req, respond) {
-  //your log 
-  switch (req.path) {
-      case '/':
-          respond('/access-denied');        
-          break
-      case '/help':
-          respond('/access-denied-help');
-          break
-      default:
-          respond('/access-denied-default');
-  }
+    /**
+     * Dynamic Redirect Interceptor
+     *
+     * This function decides dynamically where the user should be redirected
+     * after a 403 Unauthorized response is intercepted.
+     *
+     * - `req`     → the original Express request
+     * - `respond` → helper function that receives the final redirect route
+     *
+     * Based on the current request path, we redirect the user to different
+     * "access denied" pages.
+     */
+    switch (req.path) {
+        case '/':
+            respond('/access-denied');
+            break;
+
+        case '/help':
+            respond('/access-denied-help');
+            break;
+
+        default:
+            respond('/access-denied-default');
+    }
 }
 
+// Dedicated "Access Denied" pages
 app.get('/access-denied', (req, res) => {
-  res.render('access-denied');
+    res.render('access-denied');
 });
 
-app.get('/access-denied', (req, res) => {
+app.get('/access-denied-help', (req, res) => {
     res.render('access-denied-help');
 });
 
-app.get('/access-denied', (req, res) => {
+app.get('/access-denied-default', (req, res) => {
     res.render('access-denied-default');
 });
 
-// if protectMiddleware('role') return a 403 with keycloak blank page then 
-// interceptByStatusCode Handle Unauthorized Access (401/403) Gracefully
-// by user redirection with tmpInterceptorDinamic logic
+// -----------------------------------------------------------------------
+// Example: dynamic redirection after Keycloak denies access (403)
+// -----------------------------------------------------------------------
+//
+// If protectMiddleware('none') triggers a 403 (Keycloak default behavior),
+// the `interceptByStatusCodeRedirectTo` middleware intercepts Keycloak’s
+// blank "access_denied" page and replaces it with a redirect determined
+// by tmpInterceptorDinamic().
+//
+// This allows:
+//
+//   ✓ No more blank browser page with "access_denied"
+//   ✓ User-friendly redirection to custom EJS pages
+//   ✓ Dynamic routing logic based on the original request
+//
 app.get(
-  '/test403redirectDynamic',
-  responseinterceptor.interceptByStatusCodeRedirectTo(403, tmpInterceptorDinamic),
-  keycloakMiddleware.protectMiddleware('none'),
-  (req, res) => {
-      res.render('welcome');
-  }
+    '/test403redirectDynamic',
+    responseinterceptor.interceptByStatusCodeRedirectTo(403, tmpInterceptorDinamic),
+    keycloakInstance.protectMiddleware('none'),
+    (req, res) => {
+        res.render('welcome');
+    }
 );
 ```
 
 ### Example 3 — Static Redirect to a Route
 
 ```js
-// if protectMiddleware('role') return a 403 with keycloak blank page then 
-// interceptByStatusCode Handle Unauthorized Access (401/403) Gracefully
-// by user redirection
+// If protectMiddleware('role') triggers a 403 (forbidden) and Keycloak returns
+// the default blank 403 page, we use interceptByStatusCodeRedirectTo()
+// to gracefully handle the unauthorized response.
+//
+// When a 403 is detected, the interceptor forces an HTTP redirect to the
+// custom '/access-denied' route, allowing us to show a friendly UI instead
+// of Keycloak’s default error page.
+//
+// This ensures consistent UX and keeps request flow under our control.
 app.get(
-  '/test403redirectStatic',
-  responseinterceptor.interceptByStatusCodeRedirectTo(403, '/access-denied'),
-  keycloakMiddleware.protectMiddleware('none'),
-  (req, res) => {
-      res.render('welcome');
-  }
+    '/test403redirectStatic',
+    responseinterceptor.interceptByStatusCodeRedirectTo(403, '/access-denied'),
+    keycloakInstance.protectMiddleware('none'),
+    (req, res) => {
+        res.render('welcome');
+    }
 );
+
 ```
 
 ### Summary
@@ -489,10 +538,10 @@ app.get(
 ## 🧩 Configuration
 In your Express application:
 ```js
-import keycloakAdapterClass from 'keycloak-express-middleware';
+const keycloackAdapter = require('keycloak-express-middleware');
 
 // Configure and Initialize Keycloak adapter
-keycloackAdapter=new keycloakAdapterClass(app,{
+const keycloakInstance = new keycloackAdapter(app,{
         "realm": "Realm-Project",
         "auth-server-url": "https://YourKeycloakUrl:30040/",
         "ssl-required": "external",
@@ -508,9 +557,9 @@ keycloackAdapter=new keycloakAdapterClass(app,{
         }
     })
 ```
-`keycloak-express-middleware constructor` instantiate and configure the object for the Keycloak 
-adapter in an Express application. It must be called at app startup, before defining any protected routes.
-It is an async function and returns a promise
+`keycloak-express-middleware constructor` instantiates and configures the Keycloak 
+adapter for an Express application. It must be called at app startup, before defining any protected routes.
+The constructor is synchronous and returns the configured instance immediately.
 
 **` -- @parameters -- `**
 - **app**: `[required]` Express application instance (e.g., const app = express();) or express router (e.g., var router = express.Router();)
@@ -536,58 +585,24 @@ It is an async function and returns a promise
   - **idpHint:** to suggest an identity provider to Keycloak during login
   - **cookies:** to enable cookie handling
   - **realmUrl:** to override the realm URL
----
-## 🔧 Available Middlewares
-### `underKeycloakProtection(callback) - deprecated - ` 
-**@deprecated Method**. Use the `configure` Method with **`await keycloakAdapter.configure({..})`**, then define your resources as you normally would in Express:
-```js
-    await keycloakAdapter.configure(config_Parameters);
-    
-    // Define all your routes here
-
-    app.get('/my-route', handler);
-```
-Alternatively, if you prefer to define your resources inside a container after configuration, you can use the `then` syntax:
-```js
-    keycloakAdapter.configure(configParameters).then(() => {
-        // Define all your routes to protect here
-        app.get('/my-route', handler);
-    });
-```
-This Method is deprecated and will be removed in future versions. It must be called **after** Keycloak has been configured with `configure()`.
-The routes declared inside the provided callback will be protected and will have access to authentication/authorization features managed by Keycloak.
 
-📌 Public (unprotected) routes should be declared **before** calling this method. 
+### Import Alternatives
 
-**` -- @parameters -- `** 
-- **{Function} callback:** `[required]` A function that defines all routes to be protected. It must contain exclusively routes requiring authentication.
+While the examples use CommonJS (`require`), the library also supports ES6 module syntax:
 
-✅ Usage example:
 ```js
-// Public route not protected by Keycloak
-app.get('/public', (req, res) => {
-res.send('Public content');
-});
-
-// Section of routes protected by Keycloak
-keycloakAdapter.underKeycloakProtection(() => {
+// CommonJS (Default)
+const keycloackAdapter = require('keycloak-express-middleware');
 
-    // This function is deprecated and will be removed in future versions. 
-    // It is retained only for backward compatibility with older versions
-    
-    // Route protected by authentication
-    app.get('/confidential', keycloakAdapter.protectMiddleware(), (req, res) => {
-        res.send('Confidential content visible only to authenticated users');
-    });
+// ES6 - Named import (recommended for clarity)
+import { keycloackAdapter } from 'keycloak-express-middleware';
 
-    // Route with forced login: handled directly by middleware
-    app.get('/loginMiddleware', keycloakAdapter.loginMiddleware("/home"), (req, res) => {
-        // This response will never be sent because the middleware handles the 
-        // request directly
-    });
-});
+// ES6 - Default import
+import keycloackAdapter from 'keycloak-express-middleware';
 ```
+
 ---
+## 🔧 Available Middlewares
 ### `protectMiddleware([conditions])`
 Middleware to protect Express routes based on authentication and, optionally, authorization via Keycloak roles. 
 Allows restricting access to a resource only to authenticated users or to those possessing specific roles in the realm or in a Keycloak client.
@@ -963,7 +978,7 @@ After successful login, the user is redirected to the URL specified in the `redi
 - **redirectTo:** `[required]` URL to redirect the user to after successful login
 
 --- Behavior ---
-1. Attempts to protect the request using `keycloak.protect()`.
+1. Attempts to protect the request using `protectMiddleware()`.
 2. If the user **is authenticated**, it performs `res.redirect(redirectTo)`.
 3. If **not authenticated**, Keycloak automatically handles redirection to the login page.
 

package/index.js

@@ -838,7 +838,7 @@ class keycloakExpressMiddleware {
      * --- Aggiunte a `req` ---
      * Dopo l'applicazione del middleware, `req` contiene:
      *
-     * @property {Object} req.encodedTokenPremission
+     * @property {Object} req.encodedTokenPermission
      *     Un oggetto che espone il metodo:
      *
      *     - `hasPermission(permission: string, callback: function(boolean))`
@@ -851,7 +851,7 @@ class keycloakExpressMiddleware {
      * app.get('/encodeTokenPermission',
      *     keycloakAdapter.encodeTokenPermission(),
      *     (req, res) => {
-     *         req.encodedTokenPremission.hasPermission('ui-admin-resource', function(perm) {
+     *         req.encodedTokenPermission.hasPermission('ui-admin-resource', function(perm) {
      *             if (perm)
      *                 res.send('You are an authorized admin User by function permission parameters');
      *             else
@@ -907,7 +907,7 @@ class keycloakExpressMiddleware {
     encodeTokenPermission(){
         const self = this;
         return(function (req,res,next){
-            req.encodedTokenPremission={
+            req.encodedTokenPermission={
                 "hasPermission":function(permission,callback){
                     self.#encodeTokenPermissionHandler(permission,req,res,callback);
                 }
@@ -1286,6 +1286,8 @@ class keycloakExpressMiddleware {
 
 
 module.exports = keycloakExpressMiddleware;
+module.exports.keycloackAdapter = keycloakExpressMiddleware; // Named export for backward compatibility and ES6 support
+module.exports.default = keycloakExpressMiddleware; // Default export for ES6 modules
 
 /*
  <table><tbody>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keycloak-express-middleware",
-  "version": "6.0.1",
+  "version": "6.0.3",
   "description": "Adapter API to integrate Node.js (Express) applications with Keycloak. Provides middleware for authentication, authorization, token validation, and route protection via OpenID Connect.",
   "main": "index.js",
   "scripts": {