This is a starter kit for full-stack web application authentication with Tyk and Keycloak (work in progress).
Our solution is unique in that all of the front-end and back-end applications are registered as Tyk APIs. Tyk offers a built-in mechanism for working with OpenID-compliant providers, in our case Keycloak. Once they are registered as Tyk APIs, your applications are essentially ready for deployment.
For your front-end applications, we recommend using the `auth/sessionInfo` virtual endpoint to retrieve user info (name, email, etc.) and `auth/logout` as the link for your logout button.
There are a number of middlewares under the `/tyk/middleware` folder. Their roles are explained below.

- `backendAuth.js`: This middleware decodes the `Authorization` header of API requests made by browser applications.
- `frontendAuth.js`: This middleware makes sure that Tyk correctly redirects requests to Keycloak if there is no valid session, or to the applications if there is one.

The following middlewares use the Tyk Virtual Endpoints functionality.

- `virtualLogin.js`: Available as `auth/login`, it redirects unauthenticated requests to front-end applications to the Keycloak login page.
- `virtualLogout.js`: Available as `auth/logout`, it clears the session and redirects users to the Keycloak login page.
- `virtualSession.js`: Available as `auth/sessionInfo`, it returns basic information about the session and the user. This is mostly used by front-end applications to render user-specific data.
- `virtualToken.js`: Available as `auth/token`, it provides an API endpoint for users to retrieve a valid token. This is optional if you only want users to make requests indirectly via the browser apps.
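To make the roles of `backendAuth.js` and `virtualSession.js` concrete, here is an added example (not code from this starter kit) of the claim extraction an `auth/sessionInfo`-style virtual endpoint performs on a Keycloak-issued bearer token. It assumes the Tyk request object exposes headers as `request.Headers[name][0]` and uses Node's `Buffer` in place of the Tyk JS VM's own base64 helpers so it runs stand-alone; the `sampleToken` helper and its claims are constructed test data.

```javascript
// Added example, not the starter kit's own code. Decoding is NOT signature
// verification: Tyk's OpenID/JWT middleware must already have verified the
// token against Keycloak before an endpoint like this trusts its claims.
// Assumption: request.Headers is a map of header name -> array of values,
// as in Tyk's JS virtual-endpoint request object.

function base64UrlDecode(s) {
  const pad = '='.repeat((4 - (s.length % 4)) % 4);
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + pad;
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Parse "Authorization: Bearer <jwt>" and return the payload claims, or null
// when the header is missing/malformed or the token is past exp (UTC seconds).
function decodeBearer(authHeader, nowSeconds) {
  if (typeof authHeader !== 'string') return null;
  const m = /^Bearer\s+([\w-]+\.[\w-]+\.[\w-]*)$/.exec(authHeader.trim());
  if (!m) return null;
  let claims;
  try {
    claims = JSON.parse(base64UrlDecode(m[1].split('.')[1]));
  } catch (e) {
    return null; // not valid base64url/JSON: treat as no session
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}

// Build the response a sessionInfo endpoint hands back to the front end:
// only the user fields the UI needs, never the raw token or the full claim set.
function sessionInfo(request, nowSeconds) {
  const values = (request.Headers && request.Headers['Authorization']) || [];
  const claims = decodeBearer(values[0], nowSeconds);
  const headers = { 'Content-Type': 'application/json' };
  if (!claims) {
    return { Code: 401, Headers: headers, Body: JSON.stringify({ authenticated: false }) };
  }
  const body = { authenticated: true, name: claims.name, email: claims.email,
                 username: claims.preferred_username };
  return { Code: 200, Headers: headers, Body: JSON.stringify(body) };
}

// Constructed sample token (not a real Keycloak token) for local runs and tests:
// header.payload.signature with a dummy signature, since only decoding is shown.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(claims) + '.sig';
}
```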
A: No. However, it is possible to modify the middleware, in particular `virtualLogin.js` and `virtualLogout.js`, for this purpose, because Auth0 and other OpenID providers use slightly different parameters when redirecting for login.