
ilmimris / apollofederation-keycloak-demo


Demo of Apollo Federation with Keycloak as identity and access management

License: MIT License

JavaScript 100.00%
keycloak apollo-federation

apollofederation-keycloak-demo's Introduction

Apollo Federation with Keycloak Demo

This repository is a demo of using Apollo Federation to build a single schema on top of multiple services, based on the apollographql/federation-demo repo. The microservices are located under the ./services folder, and the gateway that composes the overall schema is in the gateway.js file and is secured with Keycloak.

Prerequisites

  • Docker and docker-compose installed
  • Node.js and Yarn installed

Start by cloning this repo.

git clone https://github.com/ilmimris/apollofederation-keycloak-demo/

Then start a Keycloak server using docker-compose.

cd config && docker-compose up

Now, in a separate terminal, seed the Keycloak server with a sample configuration.

$ yarn keycloak:seed

creating role admin
creating role developer
creating client role admin for client keycloak-connect-graphql-bearer
creating client role developer for client keycloak-connect-graphql-bearer
creating client role admin for client keycloak-connect-graphql-public
creating client role developer for client keycloak-connect-graphql-public
creating user developer with password developer
assigning client and realm roles called "developer" to user developer
creating user admin with password admin
assigning client and realm roles called "admin" to user admin
done

This creates a sample realm called keycloak-connect-graphql with some clients, roles and users that we can use in the examples. Now we are ready to start and explore the examples.

The Keycloak console is accessible at localhost:8080 and the admin login is admin/admin. You can make any configuration changes you wish and npm run examples:seed will always recreate the example realm from scratch.

Installation

To run this demo locally, run the following commands:

yarn install

This will install all of the dependencies for the gateway and each underlying service.

yarn start-services

This command will run all of the microservices at once. They can be found at http://localhost:4001, http://localhost:4002, http://localhost:4003, and http://localhost:4004.

In another terminal window, run the gateway by running this command:

yarn start-gateway

This will start up the gateway and serve it at http://localhost:4000

What is this?

This demo showcases four partial schemas running as federated microservices secured with Keycloak. Each of these schemas can be accessed on its own and forms a partial shape of an overall schema. The gateway fetches the service capabilities from the running services to create an overall composed schema that can be queried, and the gateway passes the Keycloak authentication token to the running services.

To learn more about Apollo Federation, check out the docs


apollofederation-keycloak-demo's Issues

Access Denied to Playground

Hi,
Apollo Federation & Keycloak infos are sparse, so thanks for this repo! 👍

I keep on getting stuck trying to access Playground

I am logging in to the realm sign-in form after a successful redirect from computer1:4000/playground, but I am getting an 'Access Denied'

Logs at the gateway :
Could not obtain grant code: Error: Grant validation failed. Reason: invalid token (wrong audience)

My settings (computer1 being localhost, but I am using an internal domain name)

  • Gateway on computer1:4000
  • Microservice 1 on computer1:9999
  • Keycloak server on othermachine:8180

I did follow your blog (waiting for part 3 and 4), the posts you did on keycloack-graphql-connect github and went through the code on your repo.

Client Settings


- Access Type : Confidential
- Standard Flow ON
- Implicit Flow ON
- Direct Access Grant ON
- Service Account ON
- Authorization ON
Root URL : http://computer1:4000
Valid Redirect URL : *
Base URL : /graphql 
Admin URL : empty
Web Origins : *

OIDC Json

{
  "realm": "app",
  "auth-server-url": "http://othermachine:8180/auth",
  "ssl-required": "external",
  "resource": "gateway",
  "verify-token-audience": true,
  "credentials": {
    "secret": "SECRET"
  },
  "use-resource-role-mappings": true,
  "confidential-port": 0,
  "policy-enforcer": {}
}

I tried with a simple git clone of your repo.
I didn't succeed in launching the docker-compose or importing the realm-export.json.
Reading through the realm-export, I manually created the Realm/Client/ClientScope/Roles.

All services are independently fine, but the gateway still throws an access denied after authentication

I tried your repo (https://github.com/ilmimris/keycloack-apollo-explore.git), works like a charm with my settings (Keycloak server on 8180)

Do you have some hints for the access denied / wrong audience?

Thks
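
An added diagnostic, not part of the issue above or of this repository's code: with "verify-token-audience": true, the audience check compares the token's aud claim with the "resource" value from the OIDC JSON, and a token that lacks it is what the "wrong audience" log line reports. The helper names and both sample tokens are constructed for illustration; the decoder does not verify signatures and is for inspecting claims only.

```javascript
// Added example: inspect a token's audience against the adapter settings.
// Decodes the payload WITHOUT verifying the signature, so it is a debugging
// aid only and must never be used to make an access decision.

function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected 3 segments');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// RFC 7519: "aud" may be a single string or an array of strings.
function audiences(payload) {
  if (payload.aud === undefined) return [];
  return Array.isArray(payload.aud) ? payload.aud : [payload.aud];
}

// Compare the token's claims with the settings taken from the OIDC JSON.
function checkAudience(jwt, oidcConfig) {
  const payload = decodeJwtPayload(jwt);
  const aud = audiences(payload);
  const expected = oidcConfig.resource;
  const enforced = oidcConfig['verify-token-audience'] === true;
  const present = aud.includes(expected);
  return { expected, aud, azp: payload.azp, enforced, present,
           accepted: !enforced || present };
}

// Constructed sample input: unsigned tokens built here for the demonstration.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

// Values mirror the OIDC JSON quoted in the issue (realm "app", resource "gateway").
const oidcConfig = { realm: 'app', resource: 'gateway', 'verify-token-audience': true };
const withoutGateway = makeSampleToken({ aud: 'account', azp: 'gateway' });
const withGateway = makeSampleToken({ aud: ['gateway', 'account'], azp: 'gateway' });

console.log(checkAudience(withoutGateway, oidcConfig)); // accepted: false
console.log(checkAudience(withGateway, oidcConfig));    // accepted: true
```

If the first case matches a real token, the fix belongs on the Keycloak side (the client's token must carry the gateway client in aud) rather than in switching the check off.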
