A sample Quarkus application secured with Keycloak
Nicolas Massé 9e76b4ca88 fix demo 5 years ago

Keycloak NodeJS Adapter demo

Setup

git clone https://github.com/nmasse-itix/keycloak-quarkus-demo.git
cd keycloak-quarkus-demo

Demo scenario

Install Red Hat SSO.

Create a Realm named Red Hat.

Start the Petstore Server.

./mvnw compile quarkus:dev

Show some REST requests.

http http://localhost:8080/pets/ 
http http://localhost:8080/pets/1

Create a client named "quarkus-app", Bearer Only.

Edit resources/application.properties and fill in the blanks.

Edit pom.xml and uncomment quarkus-smallrye-jwt.

Edit src/main/java/fr/itix/petstore/PetstoreResource.java and uncomment all lines.

Show that the Petstore server now requires authentication.

http http://localhost:8080/pets/ 

Create a confidential client named "rest-client", with only the Direct Access Grants flow enabled.

Create a user john with password secret.

Request a token for john.

curl https://$SSO_HOSTNAME/auth/realms/redhat/protocol/openid-connect/token -XPOST -d client_id=rest-client -d client_secret=$CLIENT_SECRET -d grant_type=password -d username=john -d password=secret 

Save it for later.

TOKEN=$(curl https://$SSO_HOSTNAME/auth/realms/redhat/protocol/openid-connect/token -XPOST -d client_id=rest-client -d client_secret=$CLIENT_SECRET -d grant_type=password -d username=john -d password=secret -s |jq -r .access_token)

Show that now, calls are rejected.

http http://localhost:8080/pets/ "Authorization:Bearer $TOKEN"

Give the read role to john, get a new token and show that you can query the Read REST endpoints.

http http://localhost:8080/pets/ "Authorization:Bearer $TOKEN"

Write calls are forbidden.

http DELETE http://localhost:8080/pets/1 "Authorization:Bearer $TOKEN"

Give the write role to john, get a new token and show that you can query the Write REST endpoints.
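
The scenario asks for a new token after each role change because the roles are written into the access token when it is issued. The shell helpers below are an added example, not part of the original README: they decode a token's payload and list its realm roles. They assume Keycloak's default realm_access.roles claim and the jq tool already used above; the function names are hypothetical and the sample tokens are constructed and unsigned.

```shell
# Added example: inspect the roles carried by a Keycloak access token.
# Decoding is NOT verification; the Petstore server still checks the signature.

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')   # base64url -> base64
  case $(( ${#seg} % 4 )) in                              # restore stripped padding
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# List realm roles, one per line (assumes the realm_access.roles claim).
jwt_realm_roles() {
  jwt_payload "$1" | jq -r '.realm_access.roles[]?'
}

# Succeed only if the token carries exactly the given realm role name.
jwt_has_role() {
  jwt_realm_roles "$1" | grep -qxF -- "$2"
}

# Constructed sample tokens, built locally so the example runs offline.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
make_sample_token() {
  h=$(printf '%s' '{"alg":"none"}' | b64url)
  p=$(printf '{"preferred_username":"john","realm_access":{"roles":[%s]}}' "$1" | b64url)
  printf '%s.%s.constructed' "$h" "$p"
}

# Token issued before the read role was granted, and one issued after.
OLD_TOKEN=$(make_sample_token '"offline_access"')
NEW_TOKEN=$(make_sample_token '"offline_access","read"')

for t in "$OLD_TOKEN" "$NEW_TOKEN"; do
  if jwt_has_role "$t" read; then
    echo "read role present: GET /pets/ should be allowed"
  else
    echo "read role missing: request a new token after granting the role"
  fi
done
```

With a real token from the curl command above, jwt_realm_roles "$TOKEN" shows which roles the server will see for john.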