Potential superfluous call to KeyCloak in RoleGuard #163

Open
krlm opened this issue Aug 18, 2023 · 1 comment
Labels
Type: Enhancement New feature or request

@krlm

krlm commented Aug 18, 2023

Hi,

Isn't this call

```
const grant = await keycloak.grantManager.createGrant({
```

superfluous if you already have a token issued for your application which potentially contains the user's application and realm roles?

I'd expect that the application's access token is checked for the presence of the requested roles, especially if TokenValidation mode is set to OFFLINE.

@ferrerojosh
Owner

I checked just now and indeed it was an oversight on my part. It could be just a simple call to wrap in a Token class which already exists in keycloak-js: https://github.com/keycloak/keycloak-nodejs-connect/blob/cee3608b35273d9e37f70fa9b5f24d8465bb9870/middleware/auth-utils/token.js#L30-L47

When wrapped in that class, it should be the same as extracting the token class from a grant.

@ferrerojosh ferrerojosh added the Type: Enhancement New feature or request label Sep 3, 2023
@ferrerojosh ferrerojosh added this to the 2.0 milestone Oct 18, 2024
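
The local check discussed in this thread, as an added example (not code from this project or from keycloak-nodejs-connect): it reads roles from the claims of an access token instead of requesting a new grant. It assumes the token's signature and expiry were already verified by the validation step; the function names, the `mode` parameter and the sample token are constructed for illustration.

```javascript
// Added example: role check on the claims of an already-validated access token.
// realm_access / resource_access are Keycloak's role claims; all names are illustrative.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Decodes the payload only; it does NOT verify the signature. Without prior
// validation the roles read here are whatever the sender chose to put in.
function decodeClaims(jwt) {
  try {
    const parts = String(jwt).split('.');
    if (parts.length !== 3) return null;
    const claims = b64urlJson(parts[1]);
    return claims && typeof claims === 'object' ? claims : null;
  } catch {
    return null; // malformed token: fail closed
  }
}

// roleSpec: "realm:<role>", "<client>:<role>", or "<role>" (a role of clientId).
function hasRole(claims, clientId, roleSpec) {
  if (!claims) return false;
  const idx = roleSpec.indexOf(':');
  const role = idx === -1 ? roleSpec : roleSpec.slice(idx + 1);
  let roles;
  if (idx === -1) roles = claims.resource_access?.[clientId]?.roles;
  else if (roleSpec.slice(0, idx) === 'realm') roles = claims.realm_access?.roles;
  else roles = claims.resource_access?.[roleSpec.slice(0, idx)]?.roles;
  return Array.isArray(roles) && roles.includes(role);
}

// mode 'any': one required role suffices; mode 'all': every one must be present.
function checkRoles(jwt, clientId, required, mode = 'any') {
  const claims = decodeClaims(jwt);
  const ok = (r) => hasRole(claims, clientId, r);
  if (required.length === 0) return false; // nothing to match: deny
  return mode === 'all' ? required.every(ok) : required.some(ok);
}

// Constructed sample token with a placeholder signature.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = [
  enc({ alg: 'RS256', typ: 'JWT' }),
  enc({ realm_access: { roles: ['offline_access'] },
        resource_access: { 'my-app': { roles: ['editor'] } } }),
  'constructed-signature',
].join('.');
```
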