baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfcb278c4ded48c8b0b7df056f7f7eab5277d2e9
buun-stack/keycloak/scripts/create-realm.ts
Masaki Yatsu ea328fe517 chore(keycloak): set longer SSO timeout
2025-12-01 12:54:22 +09:00

79 lines
2.9 KiB
TypeScript
Raw Blame History

import KcAdminClient from "@keycloak/keycloak-admin-client";
import invariant from "tiny-invariant";
const main = async () => {
const keycloakHost = process.env.KEYCLOAK_HOST;
invariant(keycloakHost, "KEYCLOAK_HOST environment variable is required.");
const adminUsername = process.env.KEYCLOAK_ADMIN_USER;
invariant(adminUsername, "KEYCLOAK_ADMIN_USER environment variable is required.");
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD environment variable is required");
const realmName = process.env.KEYCLOAK_REALM;
invariant(realmName, "KEYCLOAK_REALM environment variable is required");
// Token lifespan settings (with defaults suitable for development/personal use)
const accessTokenLifespan = parseInt(process.env.ACCESS_TOKEN_LIFESPAN || "43200"); // 12 hours
const ssoSessionIdleTimeout = parseInt(process.env.SSO_SESSION_IDLE_TIMEOUT || "86400"); // 1 day
const ssoSessionMaxLifespan = parseInt(process.env.SSO_SESSION_MAX_LIFESPAN || "604800"); // 7 days
const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`,
realmName: "master",
});
try {
await kcAdminClient.auth({
username: adminUsername,
password: adminPassword,
grantType: "password",
clientId: "admin-cli",
});
console.log("Authentication successful.");
const existingRealms = await kcAdminClient.realms.find();
const realmExists = existingRealms.some((realm) => realm.realm === realmName);
if (realmExists) {
console.warn(`Realm '${realmName}' already exists.`);
return;
}
await kcAdminClient.realms.create({
realm: realmName,
enabled: true,
// Token lifespan settings
accessTokenLifespan: accessTokenLifespan,
accessTokenLifespanForImplicitFlow: accessTokenLifespan,
// SSO session settings
ssoSessionMaxLifespan: ssoSessionMaxLifespan,
ssoSessionIdleTimeout: ssoSessionIdleTimeout,
// Refresh token settings
refreshTokenMaxReuse: 0,
// Offline session settings
offlineSessionMaxLifespan: ssoSessionMaxLifespan * 2,
offlineSessionMaxLifespanEnabled: true,
// Client session settings (inherit from SSO session)
clientSessionMaxLifespan: ssoSessionMaxLifespan,
clientSessionIdleTimeout: ssoSessionIdleTimeout,
});
console.log(`Realm '${realmName}' created successfully with token settings:`);
console.log(
` - Access Token Lifespan: ${accessTokenLifespan}s (${accessTokenLifespan / 3600}h)`
);
console.log(
` - SSO Session Idle Timeout: ${ssoSessionIdleTimeout}s (${ssoSessionIdleTimeout / 3600}h)`
);
console.log(
` - SSO Session Max Lifespan: ${ssoSessionMaxLifespan}s (${ssoSessionMaxLifespan / 86400}d)`
);
} catch (error) {
console.error("An error occurred:", error);
// eslint-disable-next-line unicorn/no-process-exit
process.exit(1);
}
};
main();
Reference in New Issue View Git Blame Copy Permalink