chore(keycloak): code cleanup
This commit is contained in:
Masaki Yatsu
@@ -4,88 +4,84 @@ import KcAdminClient from "@keycloak/keycloak-admin-client";
|
||||
import invariant from "tiny-invariant";
|
||||
|
||||
const main = async () => {
|
||||
// Environment variables
|
||||
const keycloakHost = process.env.KEYCLOAK_HOST;
|
||||
const adminUser = process.env.KEYCLOAK_ADMIN_USER;
|
||||
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
|
||||
const realm = process.env.KEYCLOAK_REALM;
|
||||
const accessTokenLifespan = parseInt(process.env.ACCESS_TOKEN_LIFESPAN || "3600");
|
||||
const refreshTokenLifespan = parseInt(process.env.REFRESH_TOKEN_LIFESPAN || "1800");
|
||||
const keycloakHost = process.env.KEYCLOAK_HOST;
|
||||
const adminUser = process.env.KEYCLOAK_ADMIN_USER;
|
||||
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
|
||||
const realm = process.env.KEYCLOAK_REALM;
|
||||
const accessTokenLifespan = parseInt(process.env.ACCESS_TOKEN_LIFESPAN || "3600");
|
||||
const refreshTokenLifespan = parseInt(process.env.REFRESH_TOKEN_LIFESPAN || "1800");
|
||||
|
||||
invariant(keycloakHost, "KEYCLOAK_HOST is required");
|
||||
invariant(adminUser, "KEYCLOAK_ADMIN_USER is required");
|
||||
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD is required");
|
||||
invariant(realm, "KEYCLOAK_REALM is required");
|
||||
invariant(keycloakHost, "KEYCLOAK_HOST is required");
|
||||
invariant(adminUser, "KEYCLOAK_ADMIN_USER is required");
|
||||
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD is required");
|
||||
invariant(realm, "KEYCLOAK_REALM is required");
|
||||
|
||||
console.log(`Updating token settings for realm: ${realm}`);
|
||||
console.log(`Access token lifespan: ${accessTokenLifespan} seconds (${accessTokenLifespan/60} minutes)`);
|
||||
console.log(`Refresh token lifespan: ${refreshTokenLifespan} seconds (${refreshTokenLifespan/60} minutes)`);
|
||||
console.log(`Updating token settings for realm: ${realm}`);
|
||||
console.log(
|
||||
`Access token lifespan: ${accessTokenLifespan} seconds (${accessTokenLifespan / 60} minutes)`
|
||||
);
|
||||
console.log(
|
||||
`Refresh token lifespan: ${refreshTokenLifespan} seconds (${refreshTokenLifespan / 60} minutes)`
|
||||
);
|
||||
|
||||
// Initialize Keycloak admin client
|
||||
const kcAdminClient = new KcAdminClient({
|
||||
baseUrl: `https://${keycloakHost}`,
|
||||
realmName: "master",
|
||||
const kcAdminClient = new KcAdminClient({
|
||||
baseUrl: `https://${keycloakHost}`,
|
||||
realmName: "master",
|
||||
});
|
||||
|
||||
try {
|
||||
await kcAdminClient.auth({
|
||||
username: adminUser,
|
||||
password: adminPassword,
|
||||
grantType: "password",
|
||||
clientId: "admin-cli",
|
||||
});
|
||||
|
||||
try {
|
||||
// Authenticate
|
||||
await kcAdminClient.auth({
|
||||
username: adminUser,
|
||||
password: adminPassword,
|
||||
grantType: "password",
|
||||
clientId: "admin-cli",
|
||||
});
|
||||
console.log("✓ Authenticated with Keycloak admin");
|
||||
|
||||
console.log("✓ Authenticated with Keycloak admin");
|
||||
kcAdminClient.setConfig({ realmName: realm });
|
||||
|
||||
// Set the target realm
|
||||
kcAdminClient.setConfig({ realmName: realm });
|
||||
|
||||
// Get current realm settings
|
||||
const currentRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
if (!currentRealm) {
|
||||
throw new Error(`Realm ${realm} not found`);
|
||||
}
|
||||
|
||||
console.log(`Current settings:`);
|
||||
console.log(` - Access token lifespan: ${currentRealm.accessTokenLifespan} seconds`);
|
||||
console.log(` - Refresh token lifespan: ${currentRealm.ssoSessionMaxLifespan} seconds`);
|
||||
console.log(` - SSO session idle: ${currentRealm.ssoSessionIdleTimeout} seconds`);
|
||||
|
||||
// Update realm settings
|
||||
await kcAdminClient.realms.update(
|
||||
{ realm },
|
||||
{
|
||||
...currentRealm,
|
||||
// Access token settings
|
||||
accessTokenLifespan: accessTokenLifespan,
|
||||
accessTokenLifespanForImplicitFlow: accessTokenLifespan,
|
||||
// Refresh token settings
|
||||
refreshTokenMaxReuse: 0,
|
||||
ssoSessionMaxLifespan: refreshTokenLifespan,
|
||||
ssoSessionIdleTimeout: Math.min(refreshTokenLifespan, 1800), // Max 30 minutes idle
|
||||
// Other token settings
|
||||
offlineSessionMaxLifespan: refreshTokenLifespan * 2,
|
||||
offlineSessionMaxLifespanEnabled: true,
|
||||
// Client session settings
|
||||
clientSessionMaxLifespan: accessTokenLifespan,
|
||||
clientSessionIdleTimeout: Math.min(accessTokenLifespan, 1800),
|
||||
}
|
||||
);
|
||||
|
||||
console.log("✓ Realm token settings updated successfully");
|
||||
|
||||
// Verify the changes
|
||||
const updatedRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
console.log(`Updated settings:`);
|
||||
console.log(` - Access token lifespan: ${updatedRealm?.accessTokenLifespan} seconds`);
|
||||
console.log(` - Refresh token lifespan: ${updatedRealm?.ssoSessionMaxLifespan} seconds`);
|
||||
console.log(` - SSO session idle: ${updatedRealm?.ssoSessionIdleTimeout} seconds`);
|
||||
|
||||
} catch (error) {
|
||||
console.error("✗ Failed to update realm token settings:", error);
|
||||
process.exit(1);
|
||||
const currentRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
if (!currentRealm) {
|
||||
throw new Error(`Realm ${realm} not found`);
|
||||
}
|
||||
|
||||
console.log(`Current settings:`);
|
||||
console.log(` - Access token lifespan: ${currentRealm.accessTokenLifespan} seconds`);
|
||||
console.log(` - Refresh token lifespan: ${currentRealm.ssoSessionMaxLifespan} seconds`);
|
||||
console.log(` - SSO session idle: ${currentRealm.ssoSessionIdleTimeout} seconds`);
|
||||
|
||||
await kcAdminClient.realms.update(
|
||||
{ realm },
|
||||
{
|
||||
...currentRealm,
|
||||
// Access token settings
|
||||
accessTokenLifespan: accessTokenLifespan,
|
||||
accessTokenLifespanForImplicitFlow: accessTokenLifespan,
|
||||
// Refresh token settings
|
||||
refreshTokenMaxReuse: 0,
|
||||
ssoSessionMaxLifespan: refreshTokenLifespan,
|
||||
ssoSessionIdleTimeout: Math.min(refreshTokenLifespan, 1800), // Max 30 minutes idle
|
||||
// Other token settings
|
||||
offlineSessionMaxLifespan: refreshTokenLifespan * 2,
|
||||
offlineSessionMaxLifespanEnabled: true,
|
||||
// Client session settings
|
||||
clientSessionMaxLifespan: accessTokenLifespan,
|
||||
clientSessionIdleTimeout: Math.min(accessTokenLifespan, 1800),
|
||||
}
|
||||
);
|
||||
|
||||
console.log("✓ Realm token settings updated successfully");
|
||||
|
||||
const updatedRealm = await kcAdminClient.realms.findOne({ realm });
|
||||
console.log(`Updated settings:`);
|
||||
console.log(` - Access token lifespan: ${updatedRealm?.accessTokenLifespan} seconds`);
|
||||
console.log(` - Refresh token lifespan: ${updatedRealm?.ssoSessionMaxLifespan} seconds`);
|
||||
console.log(` - SSO session idle: ${updatedRealm?.ssoSessionIdleTimeout} seconds`);
|
||||
} catch (error) {
|
||||
console.error("✗ Failed to update realm token settings:", error);
|
||||
process.exit(1);
|
||||
}
|
||||
};
|
||||
|
||||
main().catch(console.error);
|
||||
main().catch(console.error);
|
||||
|
||||
Reference in New Issue
Block a user