In the last year, I have taken over a few npm packages that have been abandoned by their original maintainers. One of them, which I published today, is called passport-keycloak-oauth2-oidc-portable, and is a library that extends the original passport-oauth2 strategy to allow authenticating against Keycloak via the OAuth2/OIDC API. One of the reported issues in the original repo was regarding the missing “openid” scope that is mandatory for the “userinfo” field and which became a showstopper for some use cases. So I thought I could take care of this library and also learn a few things along the way. And I did, indeed.
After fixing the reported errors, I decided to switch the project from JavaScript to TypeScript. Dealing with security-related software and protocols should not be done in JavaScript, even if it’s a small helper library. I understand that many years ago there was no better way of doing things in the browser environment, and I truly respect every developer who has ever maintained a JavaScript project, but these days we have better tools. No need to think about invalid types, confused field names, and similar issues. Additionally, I added integration and e2e tests. And to make it more realistic for local testing, there is also a docker-compose.yml available that sets up a Keycloak instance and imports a test realm that can be used with the library.
To start Keycloak, enter pnpm start:keycloak. And to stop it: pnpm stop:keycloak. The docker-compose.yml is pretty straightforward.