Get username from keycloak session in NodeJS

Question

Is there something similar to:

request.getUserPrincipal().getName()       // Java

In Node to get username when we are using connect-keycloak with express middle-ware?

Answer 1

I also came along with this issue.

I did dive into the middleware code and tried to find something similar. It turns out that the request object is modified and appended by kauth.grant.

console.log('req.kauth.grant') prints out:

{
access_token: {
    token: 'kasdgfksj333',
    clientId: 'mobile',
    header: {
        alg: 'RS256'
    },
    content: {
        jti: '33389eb6-3611-4de2-b913-add9283c3de0',
        exp: 1464883174,
        nbf: 0,
        iat: 1464882874,
        iss: 'http://docker:9090/auth/realms/test',
        aud: 'test-client',
        sub: '333604a0-b527-4afb-a04e-5e4ebf06ce9c',
        typ: 'Bearer',
        azp: 'test-client',
        session_state: '1cd35952-8e42-44f1-ad15-aaf9964bfefa',
        client_session: '943f1213-f556-4021-bbc6-2355146ab955',
        'allowed-origins': [],
        resource_access: [Object],
        name: 'Test User',
        preferred_username: 'user',
        given_name: 'Test',
        family_name: 'User',
        email: '[email protected]'
    },
    signature: < Buffer 45 1 b 3 d d7 4 f f9 d1 63 44 ad a9 ca b8 c4 67 88 ba e9 5 d 64 8 d a0 a9 75 a1 79 cf 18 52 d5 f7 f0 08 71 1 d 79 bd 59 e9 5 a f8 25 72 dd e5 06 71 4 f b7 f1 47... > ,
    signed: 'eyJhbGcfOiJSUzf1NiJ9.eyJqdGkiOsJmYmY4OWViwi0zNjExLTrkZTItYjkxMy1hZGQ5MjgzYzNkZTAiLCJleHAiOjE0NjQ4ODMxNzQsIm5iZiI6MCwiaWF0IjoxNDY0ODgyODc0LCJpc3MiOiJodHRwOi8vZG9ja2VyaG9zdDo5MDgwL2F1dGgvcmVhbG1zL3JoY2FycyIsImF1ZCI6InJoY2Fycy12ZWhpY2xlLW93bmVyLWlvcyIsInN1YiI6IjkxMjYwNGEwLWI1MjctNGFmYi1hMDRlLTVlNGViZjA2Y2U5YyIsInR5cCI6IkJlYXJlciIsImF6cCI6InJoY2Fycy12ZWhpY2xlLW93bmVyLWlvcyIsInNlc3Npb25fc3RhdGUiOiIxY2QzNTk1Mi04ZTQyLTQ0ZjEtYWQxNS1hYWY5OTY0YmZlZmEiLCJjbGllbnRfc2Vzc2lvbiI6Ijk0M2YxMjEzLWY1NTYtNDAyMS1iYmM2LTIzNTUxNDZhYjk1NSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IlRlc3QgVXNlciIsInByZWZlcnJlZF91c2VybmFtZSI6IjEyMzEyMyIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJVc2VyIiwiZW1haWwiOiJmb29iYXJ1c2VyQGFyY29uc2lzLmNvbSJ9'
},
refresh_token: undefined,
id_token: undefined,
token_type: undefined,
expires_in: undefined,
__raw: '{"access_token":"eyJhbGciOiJSUzI3NiJ2.eyJqdGki4iJmYmY4OWriNi0zNjExLTRkZTItYjkxMy1hZGQ5MjgzYzNkZTAiLCJleHAiOjE0NjQ4ODMxNzQsIm5iZiI6MCwiaWF0IjoxNDY0ODgyODc0LCJpc3MiOiJodHRwOi8vZG9ja2VyaG9zdDo5MDgwL2F1dGgvcmVhbG1zL3JoY2FycyIsImF1ZCI6InJoY2Fycy12ZWhpY2xlLW93bmVyLWlvcyIsInN1YiI6IjkxMjYwNGEwLWI1MjctNGFmYi1hMDRlLTVlNGViZjA2Y2U5YyIsInR5cCI6IkJlYXJlciIsImF6cCI6InJoY2Fycy12ZWhpY2xlLW93bmVyLWlvcyIsInNlc3Npb25fc3RhdGUiOiIxY2QzNTk1Mi04ZTQyLTQ0ZjEtYWQxNS1hYWY5OTY0YmZlZmEiLCJjbGllbnRfc2Vzc2lvbiI6Ijk0M2YxMjEzLWY1NTYtNDAyMS1iYmM2LTIzNTUxNDZhYjk1NSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IlRlc3QgVXNlciIsInByZWZlcnJlZF91c2VybmFtZSI6IjEyMzEyMyIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJVc2VyIiwiZW1haWwiOiJmb29iYXJ1c2VyQGFyY29uc2lzLmNvbSJ9.RRs910_50WNEranKuMRniLrpXWSNoKl1oXnPGFLV9_AIcR15vVnpWvglct3lBnFPt_FH6QPJTmp7i-8mRTIDoIL8jtmEtJ8VfE2ZYX5WN3RlxPFQc5kCOZUQiV55eZALOCSTpm2HIw1eLhBVs4Is8RMJoWy8xj3k4pkOqqll8NY__TJdTG7Iihj0lReblyaW34OpSxkAYoqYaayox0H_7UbnpSAIL0BqBL41lDPH4mXouUX3i0fFbLOt_MnAtPrdFYTez7OVmKhZx7gavdQEkHEGK8thgagnCrycejUqTO0YUeOsasQ2NK9KLPBIEA0eX_p2l2yDYhlJR15stQ3AHA"}',
store: [Function],
unstore: [Function]
}

For sure - this is not developer friendly but you can access the username via req.kauth.grant.access_token.content.preferred_username. That results in user.

I will report this as an issue to the main contributer. (Github Repo of keycloak middleware https://github.com/keycloak/keycloak-nodejs-connect)

UPDATE The main contributers of the keycloak project just answered me. If you find any additional issues - address them here: https://issues.jboss.org/projects/KEYCLOAK

For the node.js adapter: https://issues.jboss.org/browse/KEYCLOAK-2833?jql=project%20%3D%20KEYCLOAK%20AND%20component%20%3D%20%22Adapter%20-%20Node.js%22

UPDATE 2: March 15 2021 Reporting issues for the keycloak middleware require a RedHat user account now. Since this thread still seems to be active and I am not into that topic any longer (so much time passed by) I can only suggest to set up an account report bugs there.

https://issues.jboss.org/projects/KEYCLOAK

Hope I could help.

Cheers
Orlando
🍻