1.8.1

Hotfix release

Changelog:

• Merge pull request #115 from Toilal/master (93a29c9)
• Make realmSecretResolver really optional, closes #114 (81ed22c)
• Update README.md (8113200)
• Update README.md (4c94ef2)
• Update example package.json (2662b78)

1.8.0

Adds multi tenant support and updated peer dependency for @nestjs/graphql.

Changes:

• Remove realm secret map as it may bring confusion (5bfd131)
• Fix example app not injecting Injector, closes #103, #104 (375d5be)
• nest-example.json to a full export, closes #97 (1e51ab2)
• Rename Nest Example to nest-example, closes #97 (d215763)

1.7.6

A minor patch.

Changes:

• Providing a path to the module now looks up the relative path first before the current working directory (#90)
• Add @nestjs/core to peer dependencies to avoid issues with Yarn PnP mono repos (#89)
• Add missing options for keycloak config (#87)

1.7.5

Hotfix release.

Changes:

• Fixed a bug where having a RoleGuard on without using @Roles will result in an undefined error (#83)

1.7.4

Hotfix release.

Changes:

• Catch grant manager error throwing invalid token when creating grants (#80)
• Added verbose logging whether the roles are granted/denied

1.7.3

Fixes a major incompatibility issue which resulted in making NestJS 8 mandatory (#78, #79).

Changes:

• Moved @nestjs/graphql from optional to peer dependency, this change will allow npm to not forcibly install it. It is still an optional peer dependency as it is needed for GraphQL support.
• Added Keycloak 15.0 to the supported list of peer dependency versions.
• Changed peer dependency versions for NestJS from 6.0 up to 8.0
• Added a deprecation warning for users using the option configuration useNestLogger and logLevels as it will be removed in the next major update.

1.7.1

A minor release.

Breaking Changes:

• No longer supports versions of NestJS 8 and below, due to the addition of ConsoleLogger. (I might remove log levels if that's what it takes to support the older NestJS versions)

Changes:

• Adds support to NestJS 8 (#72)
• keycloak-connect is now a peer dependency. Compatible for Keycloak 10 and above (#69, #73)
• All providers should be created async (#64)

1.6.1

Minor release.

Changes:

• Add token validation method (#40, #62)
• Add policy enforcement mode (enforcing, permissive)
• Rework module registration (#63)

With this, it is now possible to register the module this way:

Method 1 (keycloak json path + library options)

KeycloakConnectModule.register(`./keycloak.json`, {
  cookieKey: 'KEYCLOAK_JWT',
  logLevels: ['verbose'],
  useNestLogger: false,
  policyEnforcement: PolicyEnforcementMode.ENFORCING,
  tokenValidation: TokenValidation.NONE,
}),

Method 2 (keycloak json path only)

KeycloakConnectModule.register(`./keycloak.json`)

Method 3 (the usual method, merging both keycloak config and library options)

KeycloakConnectModule.register({
  authServerUrl: 'http://localhost:8080/auth',
  realm: 'nest-example',
  clientId: 'nest-api',
  secret: '05c1ff5e-f9ba-4622-98e3-c4c9d280546e',
  // optional if you want to retrieve JWT from cookie
  cookieKey: 'KEYCLOAK_JWT',
  logLevels: ['verbose'],
  useNestLogger: false,
  policyEnforcement: PolicyEnforcementMode.ENFORCING,
  tokenValidation: TokenValidation.NONE,
})

1.6.0

A minor update release.

Breaking Changes:

• @Roles decorator parameters changed, now requires you to pass a parameter object, a quick snippet (#45, thanks @jalorenz):

// Client application roles
@Roles({ roles: ['admin', 'other'], mode: RoleMatchingMode.ALL })
// Realm roles, simply prefix it with realm:
@Roles({ roles: ['realm:admin', 'realm:other'], mode: RoleMatchingMode.ALL })

• @Roles decorator now defaults to match ANY roles given
• Remove @AllowAnyRole decorator

Changes:

• Add option to configure policy enforcement (#55)
• Fix bug where GraphQL is not supported when using AuthenticatedUser decorator (#57)
• Add a way to inject a custom logger implementation (#58)
• Add option to use nest logger, which allows loggers from NestJS app.useLogger respectively (#58)

1.5.3

A minor release for bug fixes:

• User object should not call userInfo endpoint (#51)
• Invalid auth/jwt should throw unauthorized instead of forbidden (#53)
• Add default log level when not defined (#50, thanks @talbx)