chore(keycloak): code cleanup
This commit is contained in:
Masaki Yatsu
@@ -4,77 +4,86 @@ import KcAdminClient from "@keycloak/keycloak-admin-client";
|
||||
import invariant from "tiny-invariant";
|
||||
|
||||
const main = async () => {
|
||||
// Environment variables
|
||||
const keycloakHost = process.env.KEYCLOAK_HOST;
|
||||
const adminUser = process.env.KEYCLOAK_ADMIN_USER;
|
||||
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
|
||||
const realm = process.env.KEYCLOAK_REALM;
|
||||
const keycloakHost = process.env.KEYCLOAK_HOST;
|
||||
const adminUser = process.env.KEYCLOAK_ADMIN_USER;
|
||||
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
|
||||
const realm = process.env.KEYCLOAK_REALM;
|
||||
|
||||
invariant(keycloakHost, "KEYCLOAK_HOST is required");
|
||||
invariant(adminUser, "KEYCLOAK_ADMIN_USER is required");
|
||||
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD is required");
|
||||
invariant(realm, "KEYCLOAK_REALM is required");
|
||||
invariant(keycloakHost, "KEYCLOAK_HOST is required");
|
||||
invariant(adminUser, "KEYCLOAK_ADMIN_USER is required");
|
||||
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD is required");
|
||||
invariant(realm, "KEYCLOAK_REALM is required");
|
||||
|
||||
console.log(`Checking token settings for realm: ${realm}`);
|
||||
console.log(`Checking token settings for realm: ${realm}`);
|
||||
|
||||
// Initialize Keycloak admin client
|
||||
const kcAdminClient = new KcAdminClient({
|
||||
baseUrl: `https://${keycloakHost}`,
|
||||
realmName: "master",
|
||||
const kcAdminClient = new KcAdminClient({
|
||||
baseUrl: `https://${keycloakHost}`,
|
||||
realmName: "master",
|
||||
});
|
||||
|
||||
try {
|
||||
await kcAdminClient.auth({
|
||||
username: adminUser,
|
||||
password: adminPassword,
|
||||
grantType: "password",
|
||||
clientId: "admin-cli",
|
||||
});
|
||||
|
||||
try {
|
||||
// Authenticate
|
||||
await kcAdminClient.auth({
|
||||
username: adminUser,
|
||||
password: adminPassword,
|
||||
grantType: "password",
|
||||
clientId: "admin-cli",
|
||||
});
|
||||
console.log("✓ Authenticated with Keycloak admin");
|
||||
|
||||
console.log("✓ Authenticated with Keycloak admin");
|
||||
kcAdminClient.setConfig({ realmName: realm });
|
||||
|
||||
// Set the target realm
|
||||
kcAdminClient.setConfig({ realmName: realm });
|
||||
|
||||
// Get current realm settings
|
||||
const currentRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
if (!currentRealm) {
|
||||
throw new Error(`Realm ${realm} not found`);
|
||||
}
|
||||
|
||||
console.log(`\n=== Current Token Settings for Realm: ${realm} ===`);
|
||||
console.log(`Access Token Lifespan: ${currentRealm.accessTokenLifespan || 'not set'} seconds (${(currentRealm.accessTokenLifespan || 0)/60} minutes)`);
|
||||
console.log(`Access Token Lifespan (Implicit): ${currentRealm.accessTokenLifespanForImplicitFlow || 'not set'} seconds`);
|
||||
console.log(`SSO Session Max Lifespan: ${currentRealm.ssoSessionMaxLifespan || 'not set'} seconds (${(currentRealm.ssoSessionMaxLifespan || 0)/60} minutes)`);
|
||||
console.log(`SSO Session Idle Timeout: ${currentRealm.ssoSessionIdleTimeout || 'not set'} seconds (${(currentRealm.ssoSessionIdleTimeout || 0)/60} minutes)`);
|
||||
console.log(`Client Session Max Lifespan: ${currentRealm.clientSessionMaxLifespan || 'not set'} seconds`);
|
||||
console.log(`Client Session Idle Timeout: ${currentRealm.clientSessionIdleTimeout || 'not set'} seconds`);
|
||||
console.log(`Offline Session Max Lifespan: ${currentRealm.offlineSessionMaxLifespan || 'not set'} seconds`);
|
||||
console.log(`Refresh Token Max Reuse: ${currentRealm.refreshTokenMaxReuse || 0}`);
|
||||
|
||||
// Also check specific client settings if JupyterHub client exists
|
||||
try {
|
||||
const clients = await kcAdminClient.clients.find({ clientId: 'jupyterhub' });
|
||||
if (clients.length > 0) {
|
||||
const jupyterhubClient = clients[0];
|
||||
console.log(`\n=== JupyterHub Client Settings ===`);
|
||||
console.log(`Client ID: ${jupyterhubClient.clientId}`);
|
||||
console.log(`Access Token Lifespan: ${jupyterhubClient.attributes?.['access.token.lifespan'] || 'inherit from realm'}`);
|
||||
}
|
||||
} catch (clientError) {
|
||||
console.log(`\n⚠️ Could not retrieve JupyterHub client settings: ${clientError}`);
|
||||
}
|
||||
|
||||
console.log(`\n=== Keycloak Default Values (for reference) ===`);
|
||||
console.log(`Default Access Token Lifespan: 300 seconds (5 minutes)`);
|
||||
console.log(`Default SSO Session Max: 36000 seconds (10 hours)`);
|
||||
console.log(`Default SSO Session Idle: 1800 seconds (30 minutes)`);
|
||||
|
||||
} catch (error) {
|
||||
console.error("✗ Failed to retrieve realm token settings:", error);
|
||||
process.exit(1);
|
||||
const currentRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
if (!currentRealm) {
|
||||
throw new Error(`Realm ${realm} not found`);
|
||||
}
|
||||
|
||||
console.log(`\n=== Current Token Settings for Realm: ${realm} ===`);
|
||||
console.log(
|
||||
`Access Token Lifespan: ${currentRealm.accessTokenLifespan || "not set"} seconds (${(currentRealm.accessTokenLifespan || 0) / 60} minutes)`
|
||||
);
|
||||
console.log(
|
||||
`Access Token Lifespan (Implicit): ${currentRealm.accessTokenLifespanForImplicitFlow || "not set"} seconds`
|
||||
);
|
||||
console.log(
|
||||
`SSO Session Max Lifespan: ${currentRealm.ssoSessionMaxLifespan || "not set"} seconds (${(currentRealm.ssoSessionMaxLifespan || 0) / 60} minutes)`
|
||||
);
|
||||
console.log(
|
||||
`SSO Session Idle Timeout: ${currentRealm.ssoSessionIdleTimeout || "not set"} seconds (${(currentRealm.ssoSessionIdleTimeout || 0) / 60} minutes)`
|
||||
);
|
||||
console.log(
|
||||
`Client Session Max Lifespan: ${currentRealm.clientSessionMaxLifespan || "not set"} seconds`
|
||||
);
|
||||
console.log(
|
||||
`Client Session Idle Timeout: ${currentRealm.clientSessionIdleTimeout || "not set"} seconds`
|
||||
);
|
||||
console.log(
|
||||
`Offline Session Max Lifespan: ${currentRealm.offlineSessionMaxLifespan || "not set"} seconds`
|
||||
);
|
||||
console.log(`Refresh Token Max Reuse: ${currentRealm.refreshTokenMaxReuse || 0}`);
|
||||
|
||||
try {
|
||||
const clients = await kcAdminClient.clients.find({ clientId: "jupyterhub" });
|
||||
if (clients.length > 0) {
|
||||
const jupyterhubClient = clients[0];
|
||||
console.log(`\n=== JupyterHub Client Settings ===`);
|
||||
console.log(`Client ID: ${jupyterhubClient.clientId}`);
|
||||
console.log(
|
||||
`Access Token Lifespan: ${jupyterhubClient.attributes?.["access.token.lifespan"] || "inherit from realm"}`
|
||||
);
|
||||
}
|
||||
} catch (clientError) {
|
||||
console.log(`\n⚠️ Could not retrieve JupyterHub client settings: ${clientError}`);
|
||||
}
|
||||
|
||||
console.log(`\n=== Keycloak Default Values (for reference) ===`);
|
||||
console.log(`Default Access Token Lifespan: 300 seconds (5 minutes)`);
|
||||
console.log(`Default SSO Session Max: 36000 seconds (10 hours)`);
|
||||
console.log(`Default SSO Session Idle: 1800 seconds (30 minutes)`);
|
||||
} catch (error) {
|
||||
console.error("✗ Failed to retrieve realm token settings:", error);
|
||||
process.exit(1);
|
||||
}
|
||||
};
|
||||
|
||||
main().catch(console.error);
|
||||
main().catch(console.error);
|
||||
|
||||
Reference in New Issue
Block a user