Interface: KeycloakConnectorConfigBase
Properties
DANGEROUS_disableJwtClientAuthentication
• Optional DANGEROUS_disableJwtClientAuthentication: boolean
Option to disable signed JWT authentication *
Defined in
packages/backend/server/src/types.ts:97
alwaysVerifyAccessTokenWithServer
• Optional alwaysVerifyAccessTokenWithServer: boolean
Forces the server to validate all access tokens provided by during a user request, regardless of route
Defined in
packages/backend/server/src/types.ts:163
authCookieTimeout
• authCookieTimeout: number
How long until the initial login sequence cookie expires. Shorter times may impact users who may take a while to finish logging in.
Defined in
packages/backend/server/src/types.ts:130
authServerUrl
• authServerUrl: string
The OP server url
Defined in
packages/backend/server/src/types.ts:78
caseSensitiveRoleCheck
• Optional caseSensitiveRoleCheck: boolean
When true, a case-sensitive search is used to match requirements to user's roles
Defined in
packages/backend/server/src/types.ts:145
clientId
• Optional clientId: string
The keycloak client id *
Defined in
packages/backend/server/src/types.ts:87
clientSecret
• Optional clientSecret: string
The keycloak client secret *
Defined in
packages/backend/server/src/types.ts:90
clusterProvider
• Optional clusterProvider: AbstractClusterProvider<void>
Specify a cluster provider in order to synchronize instances of the same app
Defined in
packages/backend/server/src/types.ts:157
decorateUserStatus
• Optional decorateUserStatus: DecorateUserStatusBackend
Allows decoration of the user status endpoint
Defined in
packages/backend/server/src/types.ts:179
defaultResourceAccessKey
• Optional defaultResourceAccessKey: string
When a role rule doesn't specify a specific client, the default is to use the current client_id when
searching through the resource_access key of the JWT for required roles. Overridable here.
Defined in
packages/backend/server/src/types.ts:142
eagerRefreshTime
• Optional eagerRefreshTime: number | false
Desc
The amount of time in minutes the client should attempt to refresh the access token in order to keep it from expiring (NOTE: KCC server MUST be configured with a time at or greater). Set false to disable.
Default
5 minutes (normally) or false (if readOnlyServer or validateAccessOnly is true)
Defined in
packages/backend/server/src/types.ts:187
errorResponseHandler
• Optional errorResponseHandler: ErrorResponseHandler
Defined in
packages/backend/server/src/types.ts:192
fetchUserInfo
• Optional fetchUserInfo: boolean | (userInfo: UserInfoResponse) => UserInfoResponse
Requires server to fetch user info for each validated access token
Default
true
Defined in
packages/backend/server/src/types.ts:169
globalRouteConfig
• Optional globalRouteConfig: KeycloakRouteConfig<string>
Overrides the default configuration for all routes
Defined in
packages/backend/server/src/types.ts:136
keyProvider
• Optional keyProvider: KeyProvider
Allows you to specify a built-in or pass a custom key provider
Defined in
packages/backend/server/src/types.ts:160
keycloakVersionBelow18
• Optional keycloakVersionBelow18: boolean
TLDR; KC versions < 18 have the /auth _prefix in the url
Defined in
packages/backend/server/src/types.ts:106
oidcClientMetadata
• oidcClientMetadata: ClientMetadata
The RP client data
Defined in
packages/backend/server/src/types.ts:103
oidcDiscoveryUrlOverride
• Optional oidcDiscoveryUrlOverride: string
Custom oidc discovery url
Defined in
packages/backend/server/src/types.ts:121
pinoLogger
• Optional pinoLogger: Logger
Pino logger reference
Defined in
packages/backend/server/src/types.ts:118
postLogoutRedirectUris
• Optional postLogoutRedirectUris: string[]
Override valid redirect uris for post-logout
Defined in
packages/backend/server/src/types.ts:115
readOnlyServer
• Optional readOnlyServer: boolean
Defined in
packages/backend/server/src/types.ts:94
realm
• realm: string
The OP realm to use
Defined in
packages/backend/server/src/types.ts:100
redirectUri
• Optional redirectUri: string
Override default redirect uri *
Defined in
packages/backend/server/src/types.ts:84
redirectUris
• Optional redirectUris: string[]
Override valid redirect uris for post-login
Defined in
packages/backend/server/src/types.ts:112
refreshConfigMins
• Optional refreshConfigMins: number
How often should we ping the OP for an updated oidc configuration
Defined in
packages/backend/server/src/types.ts:109
routePaths
• Optional routePaths: CustomRouteUrl
Overrides the default routes created to handle keycloak interactions
Defined in
packages/backend/server/src/types.ts:133
serverOrigin
• serverOrigin: string
The RP server origin
Defined in
packages/backend/server/src/types.ts:75
stateType
• Optional stateType: StateOptions
Determines where the client will store a user's oauth token information
Defined in
packages/backend/server/src/types.ts:124
validOrigins
• Optional validOrigins: string[]
Authorized origins
Defined in
packages/backend/server/src/types.ts:81
validateAccessOnly
• Optional validateAccessOnly: boolean
Only allows the server to validate the access token, the server will not attempt to refresh if it is invalid
Defined in
packages/backend/server/src/types.ts:93
wildcardCookieBaseDomain
• Optional wildcardCookieBaseDomain: string
Holds the base domain used for setting the wildcard domain property of cookies sent to the browser. Allows cookies to be accessible across all subdomains of the specified base domain and the base domain itself.