Use node application as client


I have 3 applications: a backend server, a web client, and a node.js bot application that will also serve as a client. I don’t have any issue authenticating the web client using keycloak’s js adapter, but I am not sure how to authenticate the node.js bot application as a client. The keycloak-js adapter seems to be designed for browsers and keycloak-nodejs-connect seems to be designed for server applications (I couldn’t see any methods in the source code for logging in). Also, documentation for these 2 packages literally does not exist. Their npm packages show keycloak’s documentation, but that’s general documentation about keycloak, not the modules’.

All in all, how can I authenticate my node.js app (that will serve as client, not server) using the client credentials grant?

Client credentials grant (section 4.4)

The simplest of all of the OAuth 2.0 grants, this grant is suitable for machine-to-machine authentication where a specific user’s permission to access data is not required.

The Flow

The client sends a POST request with the following body parameters to the authorization server:

  • grant_type with the value client_credentials
  • client_id with the client’s ID
  • client_secret with the client’s secret
  • scope with a space-delimited list of requested scope permissions.

The authorization server will respond with a JSON object containing the following properties:

  • token_type with the value Bearer
  • expires_in with an integer representing the TTL of the access token
  • access_token the access token itself

You need the token endpoint /auth/realms/REALM/protocol/openid-connect/token

Client Settings:

  • Access Type = confidential
  • Service Accounts Enabled = ON

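The request described in the answer above, as an added example that is not part of the thread or of any Keycloak package: it builds the client credentials POST with Node.js 18+ built-ins and caches the token until shortly before expires_in runs out. The base URL, realm, client ID, the KC_CLIENT_SECRET variable and the 30-second margin are assumptions.

```javascript
// Placeholders (assumptions): baseUrl, realm, clientId, clientSecret are not from the thread.
// Builds the POST described above; pure, so it can be checked without a server.
function buildTokenRequest({ baseUrl, realm, clientId, clientSecret, scope }) {
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
  });
  if (scope) body.set('scope', scope); // space-delimited list of scopes
  return {
    // Endpoint path as given in the answer above.
    url: `${baseUrl}/auth/realms/${encodeURIComponent(realm)}/protocol/openid-connect/token`,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Returns an async getToken() that caches the access token and only asks for a
// new one once expires_in (minus a safety margin) has elapsed.
function createTokenProvider(config, opts = {}) {
  const { fetchImpl = globalThis.fetch, now = Date.now, skewSec = 30 } = opts;
  let cached = null; // { accessToken, expiresAt }
  return async function getToken() {
    if (cached && now() < cached.expiresAt) return cached.accessToken;
    const { url, options } = buildTokenRequest(config);
    const res = await fetchImpl(url, options);
    // Report only the status: the request body carries the client secret.
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const json = await res.json();
    if (String(json.token_type).toLowerCase() !== 'bearer' || !json.access_token) {
      throw new Error('unexpected token response');
    }
    const ttlSec = Math.max(0, Number(json.expires_in) - skewSec);
    cached = { accessToken: json.access_token, expiresAt: now() + ttlSec * 1000 };
    return cached.accessToken;
  };
}

// Usage in the bot (secret read from the environment, never hard-coded):
//   const getToken = createTokenProvider({ baseUrl: 'https://keycloak.example.test',
//     realm: 'REALM', clientId: 'bot', clientSecret: process.env.KC_CLIENT_SECRET });
//   const headers = { Authorization: `Bearer ${await getToken()}` };
```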

You are a life saver, man, thanks 🙂 And I suppose after the initial request I’ll just start a cron job that’ll request a new token, where expires_in is used as the interval.