Keycloak connect ruby
require 'logger'
KeycloakConnectRuby.configure do |c|
c.url = 'http://keycloak_server:8080'
c.realm = 'my-company'
c.client_id = 'my-sinatra-app'
c.client_secret = 'dsfgfdgfdgfd'
c.logger = Logger.new(STDOUT) c.proxy = nil
end
class MyApiController < ApplicationController
before_action :keycloak_authenticate_and_check_role!
def current_user
KeycloakConnectRuby::User.from_token(keycloak_token)
end
private
def keycloak_token
KeycloakConnectRuby::Token.validate_and_decode(bearer_token)
end
def bearer_token
request.authorization&.to_s&.gsub(/^Bearer /, "")
end
def keycloak_authenticate_and_check_role!
unless current_user.has_role?('my-role-name')
render json: { error: 'your message here' }, status: :unauthorized
end
rescue KeycloakConnectRuby::Errors::Token::ExpiredError => e
rescue KeycloakConnectRuby::Errors::Token::NoProvidedError => e
rescue KeycloakConnectRuby::Errors::Token::InvalidFormatError => e
end
def generate_keycloak_token_for_api_calls
KeycloakConnectRuby::Token.generate_from_client_credentials
KeycloakConnectRuby::Token.generate_from_password_credentials('username here', 'password here')
end
end