nestjs-keycloak-auth 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +391 -0
  3. package/dist/constants.d.ts +65 -0
  4. package/dist/constants.js +72 -0
  5. package/dist/controllers/keycloak-admin.controller.d.ts +16 -0
  6. package/dist/controllers/keycloak-admin.controller.js +94 -0
  7. package/dist/decorators/access-token.decorator.d.ts +5 -0
  8. package/dist/decorators/access-token.decorator.js +13 -0
  9. package/dist/decorators/enforcer-options.decorator.d.ts +8 -0
  10. package/dist/decorators/enforcer-options.decorator.js +12 -0
  11. package/dist/decorators/keycloak-user.decorator.d.ts +5 -0
  12. package/dist/decorators/keycloak-user.decorator.js +13 -0
  13. package/dist/decorators/public.decorator.d.ts +6 -0
  14. package/dist/decorators/public.decorator.js +11 -0
  15. package/dist/decorators/resource.decorator.d.ts +6 -0
  16. package/dist/decorators/resource.decorator.js +11 -0
  17. package/dist/decorators/roles.decorator.d.ts +10 -0
  18. package/dist/decorators/roles.decorator.js +15 -0
  19. package/dist/decorators/scopes.decorator.d.ts +19 -0
  20. package/dist/decorators/scopes.decorator.js +27 -0
  21. package/dist/decorators/token-scopes.decorator.d.ts +19 -0
  22. package/dist/decorators/token-scopes.decorator.js +24 -0
  23. package/dist/errors.d.ts +24 -0
  24. package/dist/errors.js +44 -0
  25. package/dist/guards/auth.guard.d.ts +25 -0
  26. package/dist/guards/auth.guard.js +176 -0
  27. package/dist/guards/resource.guard.d.ts +26 -0
  28. package/dist/guards/resource.guard.js +245 -0
  29. package/dist/guards/role.guard.d.ts +17 -0
  30. package/dist/guards/role.guard.js +113 -0
  31. package/dist/index.d.ts +1 -0
  32. package/dist/index.js +18 -0
  33. package/dist/interface/enforcer-options.interface.d.ts +8 -0
  34. package/dist/interface/enforcer-options.interface.js +2 -0
  35. package/dist/interface/jwks.interface.d.ts +22 -0
  36. package/dist/interface/jwks.interface.js +2 -0
  37. package/dist/interface/jwt.interface.d.ts +46 -0
  38. package/dist/interface/jwt.interface.js +2 -0
  39. package/dist/interface/keycloak-auth-module-async-options.interface.d.ts +11 -0
  40. package/dist/interface/keycloak-auth-module-async-options.interface.js +2 -0
  41. package/dist/interface/keycloak-auth-options-factory.interface.d.ts +4 -0
  42. package/dist/interface/keycloak-auth-options-factory.interface.js +2 -0
  43. package/dist/interface/keycloak-auth-options.interface.d.ts +162 -0
  44. package/dist/interface/keycloak-auth-options.interface.js +3 -0
  45. package/dist/interface/keycloak-grant.interface.d.ts +33 -0
  46. package/dist/interface/keycloak-grant.interface.js +2 -0
  47. package/dist/interface/keycloak-request.interface.d.ts +8 -0
  48. package/dist/interface/keycloak-request.interface.js +2 -0
  49. package/dist/interface/oidc.interface.d.ts +14 -0
  50. package/dist/interface/oidc.interface.js +2 -0
  51. package/dist/interface/server.interface.d.ts +9 -0
  52. package/dist/interface/server.interface.js +2 -0
  53. package/dist/interface/tenant-config.interface.d.ts +13 -0
  54. package/dist/interface/tenant-config.interface.js +2 -0
  55. package/dist/internal.util.d.ts +13 -0
  56. package/dist/internal.util.js +54 -0
  57. package/dist/keycloak-auth.module.d.ts +54 -0
  58. package/dist/keycloak-auth.module.js +174 -0
  59. package/dist/keycloak-auth.providers.d.ts +7 -0
  60. package/dist/keycloak-auth.providers.js +122 -0
  61. package/dist/services/backchannel-logout.service.d.ts +30 -0
  62. package/dist/services/backchannel-logout.service.js +100 -0
  63. package/dist/services/jwks-cache.service.d.ts +25 -0
  64. package/dist/services/jwks-cache.service.js +130 -0
  65. package/dist/services/keycloak-admin.service.d.ts +37 -0
  66. package/dist/services/keycloak-admin.service.js +268 -0
  67. package/dist/services/keycloak-grant.service.d.ts +23 -0
  68. package/dist/services/keycloak-grant.service.js +88 -0
  69. package/dist/services/keycloak-http.service.d.ts +41 -0
  70. package/dist/services/keycloak-http.service.js +211 -0
  71. package/dist/services/keycloak-multitenant.service.d.ts +24 -0
  72. package/dist/services/keycloak-multitenant.service.js +161 -0
  73. package/dist/services/keycloak-url.service.d.ts +12 -0
  74. package/dist/services/keycloak-url.service.js +43 -0
  75. package/dist/services/oidc-discovery.service.d.ts +24 -0
  76. package/dist/services/oidc-discovery.service.js +86 -0
  77. package/dist/services/token-validation.service.d.ts +29 -0
  78. package/dist/services/token-validation.service.js +215 -0
  79. package/dist/token/keycloak-grant.d.ts +24 -0
  80. package/dist/token/keycloak-grant.js +37 -0
  81. package/dist/token/keycloak-token.d.ts +57 -0
  82. package/dist/token/keycloak-token.js +105 -0
  83. package/dist/types/conditional-scope.type.d.ts +2 -0
  84. package/dist/types/conditional-scope.type.js +2 -0
  85. package/dist/util.d.ts +3 -0
  86. package/dist/util.js +17 -0
  87. package/package.json +130 -0
@@ -0,0 +1,162 @@
1
+ import { PolicyEnforcementMode, RoleMerge, TokenValidation } from '../constants';
2
+ export type KeycloakAuthOptions = string | KeycloakAuthConfig;
3
+ /**
4
+ * Multi tenant configuration.
5
+ */
6
+ export interface MultiTenantOptions {
7
+ /**
8
+ * Option to always resolve the realm and secret. Disabled by default.
9
+ */
10
+ resolveAlways?: boolean;
11
+ /**
12
+ * The realm resolver function.
13
+ */
14
+ realmResolver: (request: unknown) => Promise<string> | string;
15
+ /**
16
+ * The realm secret resolver function.
17
+ */
18
+ realmSecretResolver?: (realm: string, request?: unknown) => Promise<string> | string;
19
+ /**
20
+ * The realm auth server url resolver function.
21
+ */
22
+ realmAuthServerUrlResolver?: (realm: string, request?: unknown) => Promise<string> | string;
23
+ /**
24
+ * The realm client id resolver function.
25
+ */
26
+ realmClientIdResolver: (realm: string, request?: unknown) => Promise<string> | string;
27
+ }
28
+ /**
29
+ * Library only configuration.
30
+ */
31
+ export interface NestKeycloakConfig {
32
+ /**
33
+ * Sets the policy enforcement mode for this adapter, defaults to {@link PolicyEnforcementMode.PERMISSIVE}.
34
+ */
35
+ policyEnforcement?: PolicyEnforcementMode;
36
+ /**
37
+ * Sets the token validation method, defaults to {@link TokenValidation.ONLINE}.
38
+ */
39
+ tokenValidation?: TokenValidation;
40
+ /**
41
+ * Multi tenant options.
42
+ */
43
+ multiTenant?: MultiTenantOptions;
44
+ /**
45
+ * Role merging options.
46
+ */
47
+ roleMerge?: RoleMerge;
48
+ }
49
+ /**
50
+ * Keycloak Connect options.
51
+ * @see {@link https://github.com/keycloak/keycloak-nodejs-connect/blob/f8e011aea5/middleware/auth-utils/config.js}
52
+ */
53
+ export interface KeycloakAuthConfig extends NestKeycloakConfig {
54
+ /**
55
+ * Realm ID.
56
+ */
57
+ realm?: string;
58
+ /**
59
+ * Client/Application ID.
60
+ */
61
+ resource?: string;
62
+ /**
63
+ * Client/Application ID.
64
+ * @see {KeycloakAuthOptions#resource}
65
+ */
66
+ 'client-id'?: string;
67
+ /**
68
+ * Client/Application ID.
69
+ * @see {KeycloakAuthOptions#resource}
70
+ */
71
+ clientId?: string;
72
+ /**
73
+ * Client/Application secret.
74
+ */
75
+ credentials?: KeycloakCredentials;
76
+ /**
77
+ * Client/Application secret.
78
+ * @see {KeycloakCredentials#secret}
79
+ */
80
+ secret: string;
81
+ /**
82
+ * If this is a public application or confidential.
83
+ * @see {KeycloakAuthOptions#public}
84
+ */
85
+ 'public-client'?: boolean;
86
+ /**
87
+ * If this is a public application or confidential.
88
+ */
89
+ public?: boolean;
90
+ /**
91
+ * Authentication server URL.
92
+ * @see {KeycloakAuthOptions#authServerUrl}
93
+ */
94
+ 'auth-server-url'?: string;
95
+ /**
96
+ * Authentication server URL.
97
+ * @see {KeycloakAuthOptions#authServerUrl}
98
+ */
99
+ 'server-url'?: string;
100
+ /**
101
+ * Authentication server URL.
102
+ * @see {KeycloakAuthOptions#authServerUrl}
103
+ */
104
+ serverUrl?: string;
105
+ /**
106
+ * Authentication server URL.
107
+ */
108
+ authServerUrl?: string;
109
+ /**
110
+ * How many minutes before retrying getting the keys.
111
+ * @see {KeycloakAuthOptions#minTimeBetweenJwksRequests}
112
+ */
113
+ 'min-time-between-jwks-requests'?: number;
114
+ /**
115
+ * How many minutes before retrying getting the keys.
116
+ */
117
+ minTimeBetweenJwksRequests?: number;
118
+ /**
119
+ * If this is a Bearer Only application.
120
+ * @see {KeycloakAuthOptions#bearerOnly}
121
+ */
122
+ 'bearer-only'?: boolean;
123
+ /**
124
+ * If this is a Bearer Only application.
125
+ */
126
+ bearerOnly?: boolean;
127
+ /**
128
+ * Formatted public-key.
129
+ * @see {KeycloakAuthOptions#realmPublicKey}
130
+ */
131
+ 'realm-public-key'?: string;
132
+ /**
133
+ * Formatted public-key.
134
+ */
135
+ realmPublicKey?: string;
136
+ /**
137
+ * Verify token audience.
138
+ * @see {KeycloakAuthOptions#verifyTokenAudience}
139
+ */
140
+ 'verify-token-audience'?: boolean;
141
+ /**
142
+ * Verify token audience.
143
+ */
144
+ verifyTokenAudience?: boolean;
145
+ /**
146
+ * Confidential port.
147
+ */
148
+ 'confidential-port'?: string | number;
149
+ /**
150
+ * Require SSL.
151
+ */
152
+ 'ssl-required'?: string;
153
+ }
154
+ /**
155
+ * Represents Keycloak credentials.
156
+ */
157
+ export interface KeycloakCredentials {
158
+ /**
159
+ * Client/Application secret.
160
+ */
161
+ secret: string;
162
+ }
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ // The typings are a bit of a mess, I'm sure there's a better way to do this.
3
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,33 @@
1
+ export interface KeycloakGrantResponse {
2
+ access_token: string;
3
+ expires_in: number;
4
+ token_type: string;
5
+ refresh_token?: string;
6
+ id_token?: string;
7
+ refresh_expires_in?: number;
8
+ scope?: string;
9
+ 'not-before-policy'?: number;
10
+ session_state?: string;
11
+ }
12
+ export interface KeycloakUserInfoResponse {
13
+ sub: string;
14
+ name?: string;
15
+ preferred_username?: string;
16
+ given_name?: string;
17
+ family_name?: string;
18
+ email?: string;
19
+ email_verified?: boolean;
20
+ [key: string]: unknown;
21
+ }
22
+ export interface PermissionCheckOptions {
23
+ claims?: Record<string, unknown>;
24
+ response_mode?: 'decision' | 'permissions' | 'token';
25
+ audience?: string;
26
+ subject_token?: string;
27
+ isPublic?: boolean;
28
+ }
29
+ export interface KeycloakPermission {
30
+ rsid?: string;
31
+ rsname?: string;
32
+ scopes?: string[];
33
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,8 @@
1
+ export interface KeycloakRequestLike {
2
+ headers: Record<string, string | string[] | undefined>;
3
+ user?: Record<string, unknown>;
4
+ accessToken?: string;
5
+ scopes?: string[];
6
+ permissions?: unknown[];
7
+ [key: string]: unknown;
8
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,14 @@
1
+ /**
2
+ * Discovered OIDC endpoint URLs from .well-known/openid-configuration.
3
+ */
4
+ export interface OidcEndpoints {
5
+ jwks_uri: string;
6
+ token_endpoint: string;
7
+ introspection_endpoint: string;
8
+ userinfo_endpoint: string;
9
+ end_session_endpoint: string;
10
+ }
11
+ export interface CachedDiscovery {
12
+ endpoints: OidcEndpoints;
13
+ fetchedAt: number;
14
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,9 @@
1
+ export interface ServerResponse {
2
+ status(code: number): ServerResponse;
3
+ send(data: string): void;
4
+ }
5
+ export interface ServerRequest {
6
+ body?: unknown;
7
+ rawBody?: unknown;
8
+ [key: string]: unknown;
9
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Resolved tenant configuration — plain data replacing keycloak-connect's Keycloak instance.
3
+ */
4
+ export interface ResolvedTenantConfig {
5
+ authServerUrl: string;
6
+ realm: string;
7
+ clientId: string;
8
+ secret: string;
9
+ realmUrl: string;
10
+ realmAdminUrl: string;
11
+ isPublic: boolean;
12
+ bearerOnly: boolean;
13
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,13 @@
1
+ import { ExecutionContext } from '@nestjs/common';
2
+ import { ResolvedTenantConfig } from './interface/tenant-config.interface';
3
+ import { KeycloakRequestLike } from './interface/keycloak-request.interface';
4
+ import { KeycloakAuthConfig } from './interface/keycloak-auth-options.interface';
5
+ import { KeycloakMultiTenantService } from './services/keycloak-multitenant.service';
6
+ export { KeycloakRequestLike };
7
+ /**
8
+ * Resolves the tenant configuration for the current request.
9
+ * For multi-tenant: uses the realm resolver or extracts realm from JWT issuer.
10
+ * For single-tenant: returns the provided default config.
11
+ */
12
+ export declare const useTenantConfig: (request: KeycloakRequestLike, jwt: string | undefined, singleTenantConfig: ResolvedTenantConfig, multiTenant: KeycloakMultiTenantService, opts: KeycloakAuthConfig) => Promise<ResolvedTenantConfig>;
13
+ export declare const extractRequest: (context: ExecutionContext) => [KeycloakRequestLike | undefined, unknown];
@@ -0,0 +1,54 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.extractRequest = exports.useTenantConfig = void 0;
13
+ const util_1 = require("./util");
14
+ /**
15
+ * Resolves the tenant configuration for the current request.
16
+ * For multi-tenant: uses the realm resolver or extracts realm from JWT issuer.
17
+ * For single-tenant: returns the provided default config.
18
+ */
19
+ const useTenantConfig = (request, jwt, singleTenantConfig, multiTenant, opts) => __awaiter(void 0, void 0, void 0, function* () {
20
+ var _a;
21
+ if (opts.multiTenant && opts.multiTenant.realmResolver) {
22
+ const resolvedRealm = opts.multiTenant.realmResolver(request);
23
+ const realm = resolvedRealm instanceof Promise ? yield resolvedRealm : resolvedRealm;
24
+ return yield multiTenant.get(realm, request);
25
+ }
26
+ else if (!opts.realm) {
27
+ if (!jwt) {
28
+ return singleTenantConfig;
29
+ }
30
+ try {
31
+ const payload = (0, util_1.parseToken)(jwt);
32
+ const issuerRealm = (_a = payload.iss) === null || _a === void 0 ? void 0 : _a.split('/').pop();
33
+ if (issuerRealm) {
34
+ return yield multiTenant.get(issuerRealm, request);
35
+ }
36
+ }
37
+ catch (_b) {
38
+ // Fall back to the default config when issuer parsing fails.
39
+ return singleTenantConfig;
40
+ }
41
+ }
42
+ return singleTenantConfig;
43
+ });
44
+ exports.useTenantConfig = useTenantConfig;
45
+ const extractRequest = (context) => {
46
+ if (context.getType() === 'http') {
47
+ const httpContext = context.switchToHttp();
48
+ const request = httpContext.getRequest();
49
+ const response = httpContext.getResponse();
50
+ return [request, response];
51
+ }
52
+ return [undefined, undefined];
53
+ };
54
+ exports.extractRequest = extractRequest;
@@ -0,0 +1,54 @@
1
+ import { DynamicModule, Logger } from '@nestjs/common';
2
+ import { KeycloakAuthOptions, NestKeycloakConfig } from './interface/keycloak-auth-options.interface';
3
+ import { KeycloakAuthModuleAsyncOptions } from './interface/keycloak-auth-module-async-options.interface';
4
+ export * from './constants';
5
+ export * from './decorators/access-token.decorator';
6
+ export * from './decorators/enforcer-options.decorator';
7
+ export * from './decorators/keycloak-user.decorator';
8
+ export * from './decorators/public.decorator';
9
+ export * from './decorators/resource.decorator';
10
+ export * from './decorators/roles.decorator';
11
+ export * from './decorators/scopes.decorator';
12
+ export * from './decorators/token-scopes.decorator';
13
+ export * from './guards/auth.guard';
14
+ export * from './guards/resource.guard';
15
+ export * from './guards/role.guard';
16
+ export * from './interface/jwt.interface';
17
+ export * from './interface/keycloak-auth-module-async-options.interface';
18
+ export * from './interface/keycloak-auth-options-factory.interface';
19
+ export * from './interface/keycloak-auth-options.interface';
20
+ export * from './interface/keycloak-request.interface';
21
+ export * from './interface/oidc.interface';
22
+ export * from './interface/server.interface';
23
+ export * from './interface/tenant-config.interface';
24
+ export * from './interface/enforcer-options.interface';
25
+ export * from './interface/jwks.interface';
26
+ export * from './interface/keycloak-grant.interface';
27
+ export * from './services/keycloak-multitenant.service';
28
+ export * from './services/oidc-discovery.service';
29
+ export * from './services/keycloak-http.service';
30
+ export * from './services/keycloak-url.service';
31
+ export * from './services/keycloak-grant.service';
32
+ export * from './services/jwks-cache.service';
33
+ export * from './services/token-validation.service';
34
+ export * from './services/backchannel-logout.service';
35
+ export * from './services/keycloak-admin.service';
36
+ export * from './controllers/keycloak-admin.controller';
37
+ export * from './token/keycloak-token';
38
+ export * from './token/keycloak-grant';
39
+ export * from './types/conditional-scope.type';
40
+ export * from './errors';
41
+ export * from './util';
42
+ export declare class KeycloakAuthModule {
43
+ static logger: Logger;
44
+ /**
45
+ * Register the `KeycloakAuth` module.
46
+ * @param opts `keycloak.json` path in string or {@link NestKeycloakConfig} object.
47
+ * @param config {@link NestKeycloakConfig} when using `keycloak.json` path, optional
48
+ * @returns
49
+ */
50
+ static register(opts: KeycloakAuthOptions, config?: NestKeycloakConfig): DynamicModule;
51
+ static registerAsync(opts: KeycloakAuthModuleAsyncOptions): DynamicModule;
52
+ private static createAsyncProviders;
53
+ private static createAsyncOptionsProvider;
54
+ }
@@ -0,0 +1,174 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
14
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
15
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
16
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
17
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
18
+ };
19
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
20
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
21
+ };
22
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
23
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
24
+ return new (P || (P = Promise))(function (resolve, reject) {
25
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
26
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
27
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
28
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
29
+ });
30
+ };
31
+ var KeycloakAuthModule_1;
32
+ Object.defineProperty(exports, "__esModule", { value: true });
33
+ exports.KeycloakAuthModule = void 0;
34
+ const axios_1 = require("@nestjs/axios");
35
+ const jwks_cache_service_1 = require("./services/jwks-cache.service");
36
+ const keycloak_http_service_1 = require("./services/keycloak-http.service");
37
+ const keycloak_grant_service_1 = require("./services/keycloak-grant.service");
38
+ const oidc_discovery_service_1 = require("./services/oidc-discovery.service");
39
+ const keycloak_admin_service_1 = require("./services/keycloak-admin.service");
40
+ const common_1 = require("@nestjs/common");
41
+ const token_validation_service_1 = require("./services/token-validation.service");
42
+ const constants_1 = require("./constants");
43
+ const backchannel_logout_service_1 = require("./services/backchannel-logout.service");
44
+ const keycloak_admin_controller_1 = require("./controllers/keycloak-admin.controller");
45
+ const keycloak_multitenant_service_1 = require("./services/keycloak-multitenant.service");
46
+ const keycloak_auth_providers_1 = require("./keycloak-auth.providers");
47
+ __exportStar(require("./constants"), exports);
48
+ __exportStar(require("./decorators/access-token.decorator"), exports);
49
+ __exportStar(require("./decorators/enforcer-options.decorator"), exports);
50
+ __exportStar(require("./decorators/keycloak-user.decorator"), exports);
51
+ __exportStar(require("./decorators/public.decorator"), exports);
52
+ __exportStar(require("./decorators/resource.decorator"), exports);
53
+ __exportStar(require("./decorators/roles.decorator"), exports);
54
+ __exportStar(require("./decorators/scopes.decorator"), exports);
55
+ __exportStar(require("./decorators/token-scopes.decorator"), exports);
56
+ __exportStar(require("./guards/auth.guard"), exports);
57
+ __exportStar(require("./guards/resource.guard"), exports);
58
+ __exportStar(require("./guards/role.guard"), exports);
59
+ __exportStar(require("./interface/jwt.interface"), exports);
60
+ __exportStar(require("./interface/keycloak-auth-module-async-options.interface"), exports);
61
+ __exportStar(require("./interface/keycloak-auth-options-factory.interface"), exports);
62
+ __exportStar(require("./interface/keycloak-auth-options.interface"), exports);
63
+ __exportStar(require("./interface/keycloak-request.interface"), exports);
64
+ __exportStar(require("./interface/oidc.interface"), exports);
65
+ __exportStar(require("./interface/server.interface"), exports);
66
+ __exportStar(require("./interface/tenant-config.interface"), exports);
67
+ __exportStar(require("./interface/enforcer-options.interface"), exports);
68
+ __exportStar(require("./interface/jwks.interface"), exports);
69
+ __exportStar(require("./interface/keycloak-grant.interface"), exports);
70
+ __exportStar(require("./services/keycloak-multitenant.service"), exports);
71
+ __exportStar(require("./services/oidc-discovery.service"), exports);
72
+ __exportStar(require("./services/keycloak-http.service"), exports);
73
+ __exportStar(require("./services/keycloak-url.service"), exports);
74
+ __exportStar(require("./services/keycloak-grant.service"), exports);
75
+ __exportStar(require("./services/jwks-cache.service"), exports);
76
+ __exportStar(require("./services/token-validation.service"), exports);
77
+ __exportStar(require("./services/backchannel-logout.service"), exports);
78
+ __exportStar(require("./services/keycloak-admin.service"), exports);
79
+ __exportStar(require("./controllers/keycloak-admin.controller"), exports);
80
+ __exportStar(require("./token/keycloak-token"), exports);
81
+ __exportStar(require("./token/keycloak-grant"), exports);
82
+ __exportStar(require("./types/conditional-scope.type"), exports);
83
+ __exportStar(require("./errors"), exports);
84
+ __exportStar(require("./util"), exports);
85
+ let KeycloakAuthModule = KeycloakAuthModule_1 = class KeycloakAuthModule {
86
+ /**
87
+ * Register the `KeycloakAuth` module.
88
+ * @param opts `keycloak.json` path in string or {@link NestKeycloakConfig} object.
89
+ * @param config {@link NestKeycloakConfig} when using `keycloak.json` path, optional
90
+ * @returns
91
+ */
92
+ static register(opts, config) {
93
+ const keycloakConnectProviders = [
94
+ (0, keycloak_auth_providers_1.createKeycloakAuthOptionProvider)(opts, config),
95
+ keycloak_auth_providers_1.keycloakProvider,
96
+ keycloak_multitenant_service_1.KeycloakMultiTenantService,
97
+ {
98
+ provide: constants_1.KEYCLOAK_MULTITENANT_SERVICE,
99
+ useClass: keycloak_multitenant_service_1.KeycloakMultiTenantService,
100
+ },
101
+ oidc_discovery_service_1.OidcDiscoveryService,
102
+ keycloak_http_service_1.KeycloakHttpService,
103
+ keycloak_grant_service_1.KeycloakGrantService,
104
+ jwks_cache_service_1.JwksCacheService,
105
+ token_validation_service_1.TokenValidationService,
106
+ backchannel_logout_service_1.BackchannelLogoutService,
107
+ keycloak_admin_service_1.KeycloakAdminService,
108
+ ];
109
+ return {
110
+ module: KeycloakAuthModule_1,
111
+ imports: [axios_1.HttpModule],
112
+ controllers: [keycloak_admin_controller_1.KeycloakAdminController],
113
+ providers: keycloakConnectProviders,
114
+ exports: keycloakConnectProviders,
115
+ };
116
+ }
117
+ static registerAsync(opts) {
118
+ const optsProvider = this.createAsyncProviders(opts);
119
+ return {
120
+ module: KeycloakAuthModule_1,
121
+ imports: [...(opts.imports || []), axios_1.HttpModule],
122
+ controllers: [keycloak_admin_controller_1.KeycloakAdminController],
123
+ providers: optsProvider,
124
+ exports: optsProvider,
125
+ };
126
+ }
127
+ static createAsyncProviders(options) {
128
+ const reqProviders = [
129
+ this.createAsyncOptionsProvider(options),
130
+ keycloak_auth_providers_1.keycloakProvider,
131
+ keycloak_multitenant_service_1.KeycloakMultiTenantService,
132
+ {
133
+ provide: constants_1.KEYCLOAK_MULTITENANT_SERVICE,
134
+ useClass: keycloak_multitenant_service_1.KeycloakMultiTenantService,
135
+ },
136
+ oidc_discovery_service_1.OidcDiscoveryService,
137
+ keycloak_http_service_1.KeycloakHttpService,
138
+ keycloak_grant_service_1.KeycloakGrantService,
139
+ jwks_cache_service_1.JwksCacheService,
140
+ token_validation_service_1.TokenValidationService,
141
+ backchannel_logout_service_1.BackchannelLogoutService,
142
+ keycloak_admin_service_1.KeycloakAdminService,
143
+ ];
144
+ if (options.useExisting || options.useFactory) {
145
+ return reqProviders;
146
+ }
147
+ return [
148
+ ...reqProviders,
149
+ {
150
+ provide: options.useClass,
151
+ useClass: options.useClass,
152
+ },
153
+ ];
154
+ }
155
+ static createAsyncOptionsProvider(options) {
156
+ if (options.useFactory) {
157
+ return {
158
+ provide: constants_1.KEYCLOAK_AUTH_OPTIONS,
159
+ useFactory: options.useFactory,
160
+ inject: options.inject || [],
161
+ };
162
+ }
163
+ return {
164
+ provide: constants_1.KEYCLOAK_AUTH_OPTIONS,
165
+ useFactory: (optionsFactory) => __awaiter(this, void 0, void 0, function* () { return yield optionsFactory.createKeycloakAuthOptions(); }),
166
+ inject: [options.useExisting || options.useClass],
167
+ };
168
+ }
169
+ };
170
+ exports.KeycloakAuthModule = KeycloakAuthModule;
171
+ KeycloakAuthModule.logger = new common_1.Logger(KeycloakAuthModule_1.name);
172
+ exports.KeycloakAuthModule = KeycloakAuthModule = KeycloakAuthModule_1 = __decorate([
173
+ (0, common_1.Module)({})
174
+ ], KeycloakAuthModule);
@@ -0,0 +1,7 @@
1
+ import { Provider } from '@nestjs/common';
2
+ import { KeycloakAuthConfig, KeycloakAuthOptions, NestKeycloakConfig } from './interface/keycloak-auth-options.interface';
3
+ export declare const keycloakProvider: Provider;
4
+ export declare const createKeycloakAuthOptionProvider: (opts: KeycloakAuthOptions, config?: NestKeycloakConfig) => {
5
+ provide: string;
6
+ useValue: KeycloakAuthConfig;
7
+ };