I have registered multiple resources on the Authorization Server, which are named as Process_{id}, where {id} is a random uuid.
When using the policy enforcer middleware in the Keycloak-Connect Node.js library, I would protect my route as follows:
app.get(’/processes/:id’, keycloak.enforcer(’{name of resource}:view’), handler) where {name of resource} is the name of the resource that is registered at the Authorization Server, for example Process_5e2d1aca-6c39-4719-b2a5-5f55dada9ea0.
So far, I have only seen examples, where {name of resource} is hardcoded. How would you implement this with a dynamic resource name based on the query string, that identifies the process that is requested?
I am having quite a bit of trouble getting basic policy enforcement working. I have implemented the keycloak-nodejs-connect example which has an index.js file with the following “policy enforcement” in it:
app.get(’/protected/resource’, keycloak.enforcer([‘resource:view’, ‘resource:write’], {
resource_server_id: ‘nodejs-apiserver’
}), function (req, res) {…}
My problem is that I always get “Access Denied” when I go to this resource. Looking at your post, it seems I need to “name my resource”. ie. change it from resource to something else. Unfortunately, I am not having any luck there. I wonder if you could help by telling me how to figure out what the “resource” string should be in “resource:view”
Thanks
Adrian
I have found the answer to my question above.
For the code that comes with the sample, you need to enable Authorization on the nodejs-apiserver client, then create a resource called “resource” and add two scopes called View and Write to that resource