This is a poor man's keycloak adapter with very rudimental functionality. It is meant to be used on backend to verify jwt tokens provided by keycloak and protect backend endpoints. It provides straightforward middleware for express and express-ws.

Provide the following environment variables to your app:

• KEYCLOAK_HOST - address to the kc instance
• KEYCLOAK_PORT - port of the kc API
• KEYCLOAK_REALM - name of the realm in your kc instance where users are created

Import it to your app:

const keycloak = require("kc-adapter");

Initialize:

await keycloak.init();

Use the middleware to protect your endpoints:

const express = require('express');
require('express-ws')(express);
const router = express.Router();

router.ws("/ws/echo", keycloak.protectWS(), (connection, req) => {
    connection.on("message", async message => {
        connection.send("you said: " + message);
    });
});

router.get("/rest/echo", keycloak.protectHTTP(), (req, res, next) => {
    return res.status(200).send("you said: " + req.query.message);
});

If a client requesting those endpoints does not send a valid access token, the server responds with 401 (in case of http) or immediately closes the connection with 1008 (in case of ws).