plugin-oidc-example

An example GraphQL Yoga project to get you started with plugin-oidc.

Installation

Prerequisites

  • KeyDB
    • Or a Redis-compatible client; we no longer recommend official Redis.
    • If you would like to know why we don't suggest it, read the comments here.
  • An OpenID Connect compatible server

Instructions

  1. Set up the prerequisites first
  2. Clone the project by using Git: git clone https://github.com/Nexirift/plugin-oidc-example
  3. Install packages using Bun: bun install
  4. Start the server using: bun dev
  5. Configure the .env values
  6. Send a test request below

Sending a request

curl --request POST \
--url http://localhost:3000/graphql \
--header 'Authorization: Bearer ' \
--header 'Content-Type: application/json' \
--data '{"query":"query hello {\n\thello\n}","operationName":"hello"}'

Pass the access token after Bearer.

Authentication Setup Guides

Keycloak

  1. Visit your Keycloak administration panel.
  2. Clients > Create client (the wildcard redirect URIs and web origins below are suitable for a local test client only):
    • Client ID: plugin-oidc-test
    • Valid redirect URIs: /*
    • Web origins: /*
  3. Use the following template (replace auth.local):
    http://auth.local/realms/master/protocol/openid-connect/auth?response_type=code&client_id=plugin-oidc-test&redirect_uri=http://auth.local&scope=openid
    
  4. It'll redirect to a URL like this:
    http://auth.local/?session_state=19e5228b...&code=3a542842.../
    
  5. Copy the value after &code= (without the trailing /)
  6. Use the following template (replace auth.local and code; redirect_uri must be identical to the one sent in step 3):
    curl --request POST \
    --url 'http://auth.local/realms/master/protocol/openid-connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data grant_type=authorization_code \
    --data redirect_uri=http://auth.local \
    --data client_id=plugin-oidc-test \
    --data code=3a542842...
  7. It should respond with something like:
    {
    	"access_token": "eyJhbG...",
    	"expires_in": 60,
    	"refresh_expires_in": 86372,
    	"refresh_token": "eyJhbG...",
    	"token_type": "Bearer",
    	"id_token": "eyJhbG...",
    	"not-before-policy": 0,
    	"session_state": "19e5228b...",
    	"scope": "openid profile email"
    }

If you ever need to refresh the token, copy the refresh_token and follow the template:

curl --request POST \
--url 'http://auth.local/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=refresh_token \
--data client_id=plugin-oidc-test \
--data refresh_token=eyJhbG...

The access_token returned by either of these requests is the value to pass after Bearer in the Sending a request section.
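
The Keycloak steps above (authorization URL, code extraction, token exchange, refresh) written as request builders in TypeScript. This is an added example, not code from plugin-oidc-example or plugin-oidc; every type and function name is hypothetical and the sample values are constructed. Both redirect_uri values come from one config object, so the token request always matches the authorization request.

```typescript
// Added example, not part of plugin-oidc-example. All names are hypothetical.
interface OidcConfig { base: string; clientId: string; redirectUri: string }
interface FormRequest { url: string; method: "POST"; headers: Record<string, string>; body: string }

const REALM_PATH = "/realms/master/protocol/openid-connect";

// Step 3: the authorization URL to open in a browser.
function authorizationUrl(cfg: OidcConfig): string {
  const q = new URLSearchParams({
    response_type: "code", client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, scope: "openid",
  });
  return `${cfg.base}${REALM_PATH}/auth?${q.toString()}`;
}

// Steps 4-5: extract the code from the URL the browser was redirected to.
function extractCode(cfg: OidcConfig, redirectedTo: string): string {
  const url = new URL(redirectedTo);
  // A scheme or host mismatch here would also make the token request fail.
  if (url.origin !== new URL(cfg.redirectUri).origin) throw new Error("unexpected redirect origin");
  const error = url.searchParams.get("error");
  if (error) throw new Error(`authorization failed: ${error}`);
  const code = (url.searchParams.get("code") ?? "").replace(/\/+$/, ""); // drop trailing "/"
  if (!code) throw new Error("redirect URL carries no code");
  return code;
}

// Shared form-encoded POST to the token endpoint.
function form(cfg: OidcConfig, fields: Record<string, string>): FormRequest {
  return {
    url: `${cfg.base}${REALM_PATH}/token`, method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ ...fields, client_id: cfg.clientId }).toString(),
  };
}

// Step 6: redirect_uri is taken from the same config as step 3.
const codeGrant = (cfg: OidcConfig, code: string): FormRequest =>
  form(cfg, { grant_type: "authorization_code", redirect_uri: cfg.redirectUri, code });

// Refresh template: only the refresh_token and client_id are sent.
const refreshGrant = (cfg: OidcConfig, refreshToken: string): FormRequest =>
  form(cfg, { grant_type: "refresh_token", refresh_token: refreshToken });

// With expires_in as short as 60 s, refresh slightly early to absorb skew and latency.
function needsRefresh(issuedAtMs: number, expiresInSec: number, nowMs: number, skewSec = 10): boolean {
  return nowMs >= issuedAtMs + (expiresInSec - skewSec) * 1000;
}
```

Pass a returned request to fetch(req.url, req) to perform the exchange, then use the access_token from the JSON response as the Bearer value.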

Authentik

TO-DO
