Class Keycloak

A client for the Keycloak authentication server.

See

JS adapter documentation

Constructors

constructor

Properties

authenticated? flow? idToken? idTokenParsed? realmAccess? refreshToken? refreshTokenParsed? resourceAccess? responseMode? responseType? subject? timeSkew? token? tokenParsed?

Methods

accountManagement clearToken createAccountUrl createLoginUrl createLogoutUrl createRegisterUrl hasRealmRole hasResourceRole init isTokenExpired loadUserProfile login logout onActionUpdate? onAuthError? onAuthLogout? onAuthRefreshError? onAuthRefreshSuccess? onAuthSuccess? onReady? onTokenExpired? register updateToken

Constructors

constructor

  • new Keycloak(config?: string | KeycloakConfig): Keycloak

  • Creates a new Keycloak client instance.

    Parameters

    • Optionalconfig: string | KeycloakConfig

      A configuration object or path to a JSON config file.

    Returns Keycloak

Properties

Optionalauthenticated

authenticated?: boolean

Is true if the user is authenticated, false otherwise.

Optionalflow

flow?: KeycloakFlow

Flow passed in init.

OptionalidToken

idToken?: string

The base64 encoded ID token.

OptionalidTokenParsed

idTokenParsed?: KeycloakTokenParsed

The parsed id token as a JavaScript object.

OptionalrealmAccess

realmAccess?: KeycloakRoles

The realm roles associated with the token.

OptionalrefreshToken

refreshToken?: string

The base64 encoded refresh token that can be used to retrieve a new token.

OptionalrefreshTokenParsed

refreshTokenParsed?: KeycloakTokenParsed

The parsed refresh token as a JavaScript object.

OptionalresourceAccess

resourceAccess?: KeycloakResourceAccess

The resource roles associated with the token.

OptionalresponseMode

responseMode?: KeycloakResponseMode

Response mode passed in init (default value is 'fragment').

OptionalresponseType

responseType?: KeycloakResponseType

Response type sent to Keycloak with login requests. This is determined based on the flow value used during initialization, but can be overridden by setting this value.

Optionalsubject

subject?: string

The user id.

OptionaltimeSkew

timeSkew?: number

The estimated time difference between the browser time and the Keycloak server in seconds. This value is just an estimation, but is accurate enough when determining if a token is expired or not.

Optionaltoken

token?: string

The base64 encoded token that can be sent in the Authorization header in requests to services.

OptionaltokenParsed

tokenParsed?: KeycloakTokenParsed

The parsed token as a JavaScript object.

Methods

accountManagement

  • accountManagement(): Promise<void>

  • Redirects to the Account Management Console.

    Returns Promise<void>

clearToken

  • clearToken(): void

  • Clears authentication state, including tokens. This can be useful if the application has detected the session was expired, for example if updating token fails. Invoking this results in Keycloak#onAuthLogout callback listener being invoked.

    Returns void

createAccountUrl

  • createAccountUrl(options?: KeycloakAccountOptions): string

  • Returns the URL to the Account Management Console.

    Parameters

    Returns string

createLoginUrl

  • createLoginUrl(options?: KeycloakLoginOptions): string

  • Returns the URL to login form.

    Parameters

    Returns string

createLogoutUrl

  • createLogoutUrl(options?: KeycloakLogoutOptions): string

  • Returns the URL to logout the user.

    Parameters

    Returns string

createRegisterUrl

  • createRegisterUrl(options?: KeycloakRegisterOptions): string

  • Returns the URL to registration page.

    Parameters

    Returns string

hasRealmRole

  • hasRealmRole(role: string): boolean

  • Returns true if the token has the given realm role.

    Parameters

    • role: string

      A realm role name.

    Returns boolean

hasResourceRole

  • hasResourceRole(role: string, resource?: string): boolean

  • Returns true if the token has the given role for the resource.

    Parameters

    • role: string

      A role name.

    • Optionalresource: string

      If not specified, clientId is used.

    Returns boolean

init

  • init(initOptions: KeycloakInitOptions): Promise<boolean>

  • Called to initialize the adapter.

    Parameters

    Returns Promise<boolean>

    A promise to set functions to be invoked on success or error.

isTokenExpired

  • isTokenExpired(minValidity?: number): boolean

  • Returns true if the token has less than minValidity seconds left before it expires.

    Parameters

    • OptionalminValidity: number

      If not specified, 0 is used.

    Returns boolean

loadUserProfile

  • loadUserProfile(): Promise<KeycloakProfile>

  • Loads the user's profile.

    Returns Promise<KeycloakProfile>

    A promise to set functions to be invoked on success or error.

login

  • login(options?: KeycloakLoginOptions): Promise<void>

  • Redirects to login form.

    Parameters

    Returns Promise<void>

logout

  • logout(options?: KeycloakLogoutOptions): Promise<void>

  • Redirects to logout.

    Parameters

    Returns Promise<void>

OptionalonActionUpdate

  • onActionUpdate(status: "error" | "success" | "cancelled"): void

  • Called when a AIA has been requested by the application.

    Parameters

    • status: "error" | "success" | "cancelled"

    Returns void

OptionalonAuthError

  • onAuthError(errorData: KeycloakError): void

  • Called if there was an error during authentication.

    Parameters

    Returns void

OptionalonAuthLogout

  • onAuthLogout(): void

  • Called if the user is logged out (will only be called if the session status iframe is enabled, or in Cordova mode).

    Returns void

OptionalonAuthRefreshError

  • onAuthRefreshError(): void

  • Called if there was an error while trying to refresh the token.

    Returns void

OptionalonAuthRefreshSuccess

  • onAuthRefreshSuccess(): void

  • Called when the token is refreshed.

    Returns void

OptionalonAuthSuccess

  • onAuthSuccess(): void

  • Called when a user is successfully authenticated.

    Returns void

OptionalonReady

  • onReady(authenticated?: boolean): void

  • Called when the adapter is initialized.

    Parameters

    • Optionalauthenticated: boolean

    Returns void

OptionalonTokenExpired

  • onTokenExpired(): void

  • Called when the access token is expired. If a refresh token is available the token can be refreshed with Keycloak#updateToken, or in cases where it's not (ie. with implicit flow) you can redirect to login screen to obtain a new access token.

    Returns void

register

  • register(options?: KeycloakRegisterOptions): Promise<void>

  • Redirects to registration form.

    Parameters

    Returns Promise<void>

updateToken

  • updateToken(minValidity?: number): Promise<boolean>

  • If the token expires within minValidity seconds, the token is refreshed. If the session status iframe is enabled, the session status is also checked.

    Parameters

    • OptionalminValidity: number

      If not specified, 5 is used.

    Returns Promise<boolean>

    A promise to set functions that can be invoked if the token is still valid, or if the token is no longer valid.

    Example

    keycloak.updateToken(5).then(function(refreshed) {
      if (refreshed) {
        alert('Token was successfully refreshed');
      } else {
        alert('Token is still valid');
      }
    }).catch(function() {
      alert('Failed to refresh the token, or the session has expired');

Settings

Member Visibility

On This Page

Constructors
Properties
Methods