npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@azerothian/keycloak-api

v0.0.1

Published

NestJS module for Keycloak authentication and administration

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

matthew.m.mckenziematthew.m.mckenzie

Keywords

Readme

@azerothian/keycloak-api

NestJS module for Keycloak authentication and administration. Provides multi-realm JWT authentication, 100+ admin REST API methods, route protection decorators, JWKS key caching, and comprehensive testing utilities.

Features

  • Multi-Realm JWT Authentication - Validate JWT tokens from any realm on a Keycloak instance with automatic JWKS key resolution and caching
  • Comprehensive Admin API - 100+ methods for realm, user, group, role, session, and event management
  • Route Protection Decorators - @Public(), @CurrentUser(), and @Permissions() for fine-grained access control
  • JWKS Caching - Automatic signing key caching with configurable refresh intervals to minimize Keycloak calls
  • Testing Utilities - Mock JWT tokens and strategies for integration testing without a running Keycloak instance

Installation

npm install @azerothian/keycloak-api

Peer Dependencies

npm install @nestjs/common @nestjs/core @nestjs/config @nestjs/passport rxjs

Quick Start

1. Authentication Setup

Import the auth module and configure your Keycloak instance:

// app.module.ts
import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import { PassportModule } from '@nestjs/passport';
import { KeycloakStrategy, JwtAuthGuard } from '@azerothian/keycloak-api/auth';

@Module({
  imports: [
    ConfigModule.forRoot(),
    PassportModule.register({ defaultStrategy: 'keycloak' }),
  ],
  providers: [KeycloakStrategy, JwtAuthGuard],
})
export class AppModule {}

Set environment variables:

KEYCLOAK_URL=https://keycloak.example.com
KEYCLOAK_REALM=your-realm

Protect routes with the guard:

// users.controller.ts
import { Controller, Get, UseGuards } from '@nestjs/common';
import { JwtAuthGuard, CurrentUser, Public } from '@azerothian/keycloak-api/auth';
import { AuthenticatedUser } from '@azerothian/keycloak-api/types';

@Controller('users')
@UseGuards(JwtAuthGuard)
export class UsersController {
  @Get('profile')
  getProfile(@CurrentUser() user: AuthenticatedUser) {
    return {
      keycloakId: user.keycloakId,
      username: user.username,
      roles: user.roles,
    };
  }

  @Get('health')
  @Public()
  healthCheck() {
    return { status: 'ok' };
  }
}

2. Admin API Setup

Import the admin module to manage realms, users, groups, and roles:

// app.module.ts
import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import { KeycloakAdminModule } from '@azerothian/keycloak-api/admin';

@Module({
  imports: [
    ConfigModule.forRoot(),
    KeycloakAdminModule,
  ],
})
export class AppModule {}

Set admin credentials in environment:

KEYCLOAK_URL=https://keycloak.example.com
KEYCLOAK_ADMIN_USERNAME=admin
KEYCLOAK_ADMIN_PASSWORD=password
KEYCLOAK_ADMIN_CLIENT_ID=admin-cli
KEYCLOAK_ADMIN_CLIENT_SECRET=your-client-secret

Use the service in your application:

// realms.service.ts
import { Injectable } from '@nestjs/common';
import { KeycloakAdminService } from '@azerothian/keycloak-api/admin';

@Injectable()
export class RealmsService {
  constructor(private kcAdmin: KeycloakAdminService) {}

  async getAllRealms() {
    return this.kcAdmin.getRealms();
  }

  async getRealmUsers(realmName: string) {
    return this.kcAdmin.getUsers(realmName, { max: 100 });
  }

  async createUser(realmName: string, user: any) {
    return this.kcAdmin.createUser(realmName, user);
  }
}

3. Using Decorators

Control access with decorators:

import { Controller, Post, UseGuards } from '@nestjs/common';
import { JwtAuthGuard, Permissions, CurrentUser } from '@azerothian/keycloak-api';
import { AuthenticatedUser } from '@azerothian/keycloak-api/types';

@Controller('networks')
@UseGuards(JwtAuthGuard)
export class NetworksController {
  @Post()
  @Permissions('networks:create')
  createNetwork(@CurrentUser() user: AuthenticatedUser, @Body() dto: CreateNetworkDto) {
    return {
      createdBy: user.keycloakId,
      ...dto,
    };
  }
}

Environment Variables

| Variable | Description | Example | |----------|-------------|---------| | KEYCLOAK_URL | Base URL of Keycloak instance | https://keycloak.example.com | | KEYCLOAK_REALM | Primary realm for authentication | wirenet | | KEYCLOAK_ADMIN_USERNAME | Admin account username (for admin API) | admin | | KEYCLOAK_ADMIN_PASSWORD | Admin account password (for admin API) | password | | KEYCLOAK_ADMIN_CLIENT_ID | Client ID for admin API authentication | admin-cli | | KEYCLOAK_ADMIN_CLIENT_SECRET | Client secret for admin API (if using client credentials flow) | secret-key |

Subpath Imports

This package exports specialized modules. Import only what you need:

| Import Path | Exports | Purpose | |-------------|---------|---------| | @azerothian/keycloak-api | All exports | Root barrel - re-exports everything | | @azerothian/keycloak-api/admin | KeycloakAdminService, KeycloakAdminModule | Keycloak Admin REST API | | @azerothian/keycloak-api/auth | KeycloakStrategy, JwtAuthGuard | JWT authentication via Passport | | @azerothian/keycloak-api/decorators | CurrentUser(), Public(), Permissions(), constants | Route protection decorators | | @azerothian/keycloak-api/types | KeycloakTokenPayload, AuthenticatedUser, session/event types, SERVICE_PERMISSIONS | Type definitions | | @azerothian/keycloak-api/testing | TestJwtStrategy, mock token factories | Integration testing utilities |

Testing

Create mock JWT tokens for integration tests without a running Keycloak instance:

import { Test } from '@nestjs/testing';
import {
  TestJwtStrategy,
  createAdminToken,
  createUserToken,
} from '@azerothian/keycloak-api/testing';

describe('UsersController (e2e)', () => {
  let app: INestApplication;

  beforeAll(async () => {
    const moduleFixture = await Test.createTestingModule({
      controllers: [UsersController],
      providers: [UsersService, TestJwtStrategy],
    }).compile();

    app = moduleFixture.createNestApplication();
    await app.init();
  });

  it('should allow admin to access protected route', async () => {
    const adminToken = createAdminToken('user-id-123', 'realm-id-456');

    return request(app.getHttpServer())
      .get('/users/profile')
      .set('Authorization', `Bearer ${adminToken}`)
      .expect(200);
  });

  it('should allow regular user with limited permissions', async () => {
    const userToken = createUserToken('user-id-789', 'realm-id-456');

    return request(app.getHttpServer())
      .get('/users/profile')
      .set('Authorization', `Bearer ${userToken}`)
      .expect(200);
  });
});

Mock token factories create tokens with predefined roles and permissions:

  • createAdminToken() - Full system access (admin role with all permissions)
  • createUserToken() - Regular user access (limited permissions)
  • createPowerUserToken() - Elevated permissions
  • createServiceAccountToken() - For service-to-service authentication
  • createSuperadminToken() - Maximum privileges (superadmin + admin roles)
  • createMockJwtToken(payload, secret) - Custom token with arbitrary payload

License

MIT