Giter Site home page Giter Site logo

athiththan11 / token-revocation-resource Goto Github PK

View Code? Open in Web Editor NEW
2.0 2.0 0.0 413 KB

Keycloak ResourceProvider Implementation to Revoke Token Caches in WSO2 API Manager

License: Apache License 2.0

Java 100.00%
keycloak wso2-api-manager token-revocation notification

token-revocation-resource's Introduction

Token Revocation Resource

This repo contains a sample Keycloak ResourceProvider implementation to revoke the Token Caches in WSO2 API Manager (Gateway) servers when using Keycloak as the Key Manager with the WSO2 API Manager v3.2.0.

Instructions on configuring Keycloak as a Key Manager with the WSO2 API Manager v3.2.0 can be found under Configure Keycloak Connector

Note: The implementation is made for Keycloak v11.x.x versions

The implementation introduces a new endpoint named revoke-token in each configured realm of the Keycloak server to verify the JWT token's validity and to send Token Revocation Notifications to the WSO2 API Manager server.

Token Revocation Flow -- Keycloak

Build & Deploy

Build

Execute the following command from the root directory of the project to build the JAR

mvn clean package

Deploy

Copy the built JAR artifact from the <project>/target directory and place it inside the <keycloak>/standalone/deployments directory.

After successful deployment, start the Keycloak server with the following System Properties to configure the implemented EventSender to send Token Revocation Events to the WSO2 API Manager server

wso2.apim.notification.ep="https://tm-hostname:9443/internal/data/v1/notify"
wso2.apim.notification.username="admin-username"
wso2.apim.notification.password="admin-password"
# a sample startup command will look like below
sh standalone.sh -Dwso2.apim.notification.ep="https://localhost:9443/internal/data/v1/notify" -Dwso2.apim.notification.username="admin" -Dwso2.apim.notification.password="admin"

Usage

Use-Case

The WSO2 API Manager v3.2.0 provides a platform to configure third-party Key Managers. Out-of-the-box, the API Manager supports Token cache revocation feature when configuring the WSO2 Identity Server as Key Manager.

This sample implementation, introduces an endpoint named revoke-token in the Keycloak server to validate the Token's validity and signature and then to send a Token Revocation notification to the API Manager servers to mark the Bearer JWT token as revoked in the Gateway servers. This ensures that the JWT token cannot be used again to invoke the APIs through the API Manager servers.

Given below is the revoke-token endpoint definition and the usage.

Revoke Token Endpoint

The usage of the introduced revoke-token endpoint will be as following

POST /auth/realms/{realm-name}/revoke-token
Authorization: Basic Base64(clientId:clientSecret)
Content-Type: application/x-www-form-urlencoded

token=<JWT Bearer Token>

License

Apache-2.0

token-revocation-resource's People

Contributors

athiththan11 avatar

Stargazers

avatar avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.