Skip to main content

Interface: KeycloakConnectorConfigBase

Properties

DANGEROUS_disableJwtClientAuthentication

Optional DANGEROUS_disableJwtClientAuthentication: boolean

Option to disable signed JWT authentication *

Defined in

packages/backend/server/src/types.ts:85

alwaysVerifyAccessTokenWithServer

Optional alwaysVerifyAccessTokenWithServer: boolean

Forces the server to validate all access tokens provided by during a user request, regardless of route

Defined in

packages/backend/server/src/types.ts:145

authCookieTimeout

authCookieTimeout: number

How long until the initial login sequence cookie expires. Shorter times may impact users who may take a while to finish logging in.

Defined in

packages/backend/server/src/types.ts:112

authServerUrl

authServerUrl: string

The OP server url

Defined in

packages/backend/server/src/types.ts:66

caseSensitiveRoleCheck

Optional caseSensitiveRoleCheck: boolean

When true, a case-sensitive search is used to match requirements to user's roles

Defined in

packages/backend/server/src/types.ts:127

clientId

Optional clientId: string

The keycloak client id *

Defined in

packages/backend/server/src/types.ts:75

clientSecret

Optional clientSecret: string

The keycloak client secret *

Defined in

packages/backend/server/src/types.ts:78

clusterProvider

Optional clusterProvider: AbstractClusterProvider<void>

Specify a cluster provider in order to synchronize instances of the same app

Defined in

packages/backend/server/src/types.ts:139

decorateUserStatus

Optional decorateUserStatus: DecorateUserStatusBackend

Allows decoration of the user status endpoint

Defined in

packages/backend/server/src/types.ts:161

defaultResourceAccessKey

Optional defaultResourceAccessKey: string

When a role rule doesn't specify a specific client, the default is to use the current client_id when searching through the resource_access key of the JWT for required roles. Overridable here.

Defined in

packages/backend/server/src/types.ts:124

eagerRefreshTime

Optional eagerRefreshTime: number | false

Desc

The amount of time in minutes the client should attempt to refresh the access token in order to keep it from expiring (NOTE: KCC server MUST be configured with a time at or greater). Set false to disable.

Default

5 minutes (normally) or false (if readOnlyServer or validateAccessOnly is true)

Defined in

packages/backend/server/src/types.ts:169

errorResponseHandler

Optional errorResponseHandler: ErrorResponseHandler

Defined in

packages/backend/server/src/types.ts:174

fetchUserInfo

Optional fetchUserInfo: boolean | (userInfo: UserinfoResponse) => UserinfoResponse

Requires server to fetch user info for each validated access token

Default

true

Defined in

packages/backend/server/src/types.ts:151

globalRouteConfig

Optional globalRouteConfig: KeycloakRouteConfig<string>

Overrides the default configuration for all routes

Defined in

packages/backend/server/src/types.ts:118

keyProvider

Optional keyProvider: KeyProvider

Allows you to specify a built-in or pass a custom key provider

Defined in

packages/backend/server/src/types.ts:142

keycloakVersionBelow18

Optional keycloakVersionBelow18: boolean

TLDR; KC versions < 18 have the /auth _prefix in the url

Defined in

packages/backend/server/src/types.ts:94

oidcClientMetadata

oidcClientMetadata: ClientMetadata

The RP client data

Defined in

packages/backend/server/src/types.ts:91

oidcDiscoveryUrlOverride

Optional oidcDiscoveryUrlOverride: string

Custom oidc discovery url

Defined in

packages/backend/server/src/types.ts:103

pinoLogger

Optional pinoLogger: Logger

Pino logger reference

Defined in

packages/backend/server/src/types.ts:100

readOnlyServer

Optional readOnlyServer: boolean

Defined in

packages/backend/server/src/types.ts:82

realm

realm: string

The OP realm to use

Defined in

packages/backend/server/src/types.ts:88

redirectUri

Optional redirectUri: string

Override default redirect uri *

Defined in

packages/backend/server/src/types.ts:72

refreshConfigMins

Optional refreshConfigMins: number

How often should we ping the OP for an updated oidc configuration

Defined in

packages/backend/server/src/types.ts:97

routePaths

Optional routePaths: CustomRouteUrl

Overrides the default routes created to handle keycloak interactions

Defined in

packages/backend/server/src/types.ts:115

serverOrigin

serverOrigin: string

The RP server origin

Defined in

packages/backend/server/src/types.ts:63

stateType

Optional stateType: StateOptions

Determines where the client will store a user's oauth token information

Defined in

packages/backend/server/src/types.ts:106

validOrigins

Optional validOrigins: string[]

Authorized origins

Defined in

packages/backend/server/src/types.ts:69

validateAccessOnly

Optional validateAccessOnly: boolean

Only allows the server to validate the access token, the server will not attempt to refresh if it is invalid

Defined in

packages/backend/server/src/types.ts:81

wildcardCookieBaseDomain

Optional wildcardCookieBaseDomain: string

Holds the base domain used for setting the wildcard domain property of cookies sent to the browser. Allows cookies to be accessible across all subdomains of the specified base domain and the base domain itself.

Defined in

packages/backend/server/src/types.ts:158