Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential superfluous call to KeyCloak in RoleGuard #163

Open
krlm opened this issue Aug 18, 2023 · 1 comment
Open

Potential superfluous call to KeyCloak in RoleGuard #163

krlm opened this issue Aug 18, 2023 · 1 comment
Labels
Type: Enhancement New feature or request
Milestone
2.0

Comments

@krlm
Copy link

krlm commented Aug 18, 2023

Hi,

Isn't this call

nest-keycloak-connect/src/guards/role.guard.ts

Line 107 in 5b9a642

const grant = await keycloak.grantManager.createGrant({
a superfluous if you already have a token issued for your application which potentially contains user's application and realms roles?

I'd expect that application's access token is checked for presence of requested roles, especially if TokenValidation mode i set to OFFLINE.
@ferrerojosh
Copy link
Owner

I checked just now and indeed it was an oversight on my part. It could be just a simple call to wrap in a Token class which already exists in keycloak-js: https://github.com/keycloak/keycloak-nodejs-connect/blob/cee3608b35273d9e37f70fa9b5f24d8465bb9870/middleware/auth-utils/token.js#L30-L47

When wrapped in that class, it should be the same as extracting the token class from a grant.

@ferrerojosh ferrerojosh added the Type: Enhancement New feature or request label Sep 3, 2023
@ferrerojosh ferrerojosh added this to the 2.0 milestone Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Enhancement New feature or request
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
2 participants
@krlm @ferrerojosh