Enforcing routes based on URL parameter

[Robert Winter]

Hi,

How can I use keycloak.enforce() based on an parameter provided in the URL?

The Keycloak server is set up so that if I send a hardcoded resource ID to keycloak.enforcer(), it enforces correctly. How can I get it to enforce on a dynamic ID?

With Typescript / Express routing and the keycloak-connect module:

{
 path: "/companies/:orgid",
 method: "get",
 handler: [
 keycloak.enforcer(req.params.orgid), // <-- How to get hold of the req object so we can send it to keycloak?

async ( req: Request,res: Response): Promise<void> => {
// enforcer approved the token, handle logic here
}

The other option I'm exploring is to try to protect the route by using keycloak.protect() and evaluating the response from the enforcer, but how can I do that? 

Protect route by:

keycloak.protect(protectByOrgID),

protectByOrgID:

export const protectByOrgID = (token: Token, req: Request): boolean => {
 const rh: RequestHandler = keycloak.enforcer(req.params.orgid);
 console.log(rh.toString()); // returns the function from enforcement function -https://github.com/keycloak/keycloak-nodejs-connect/blob/master/middleware/enforcer.js

// How to evaluate the RequestHandler returned from keycloak.enforcer() and return true or false?
};

[Pedro Igor Craveiro e Silva]

You need to push claims to the server. I think this is an example [1] that might serve your purpose.

[1] https://github.com/keycloak/keycloak-nodejs-connect/blob/master/test/fixtures/node-console/index.js#L177

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/96160bf7-b1cd-425b-a9ff-3763376880cfo%40googlegroups.com.

[Osama Salem]

Were you able to figure this out? I want to do the same thing.