return profile picture

2026-04-18 16:27:51 +00:00 · 2026-04-17 14:53:21 +01:00
parent 36b2eee680
commit c4eb6ef53a
8 changed files with 58 additions and 3 deletions
@@ -0,0 +1,11 @@
+// auth.module.ts
+import { Module } from "@nestjs/common";
+import { PassportModule } from "@nestjs/passport";
+import { KeycloakStrategy } from "./keycloak.strategy";
+
+@Module({
+  imports: [PassportModule],
+  providers: [KeycloakStrategy], // 👈 THIS IS THE FIX
+  exports: [PassportModule],
+})
+export class AuthModule {}
@@ -0,0 +1,5 @@
+import { Injectable } from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+
+@Injectable()
+export class KeycloakAuthGuard extends AuthGuard("keycloak") {}
@@ -0,0 +1,41 @@
+import { Injectable } from "@nestjs/common";
+import { PassportStrategy } from "@nestjs/passport";
+import { ExtractJwt, Strategy } from "passport-jwt";
+import * as jwksRsa from "jwks-rsa";
+
+@Injectable()
+export class KeycloakStrategy extends PassportStrategy(Strategy, "keycloak") {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+
+      // 🔑 Get signing key from Keycloak
+      secretOrKeyProvider: jwksRsa.passportJwtSecret({
+        cache: true,
+        rateLimit: true,
+        jwksRequestsPerMinute: 5,
+        jwksUri:
+          "https://keycloak.petermaquiran.xyz/realms/tvone/protocol/openid-connect/certs",
+      }),
+
+      //audience: "tvone-web", // your Keycloak clientId
+      issuer: "https://keycloak.petermaquiran.xyz/realms/tvone",
+      algorithms: ["RS256"],
+    });
+  }
+
+  async validate(payload: any) {
+    console.log('Full JWT Payload:', payload);
+    return {
+      userId: payload.sub,
+      email: payload.email,
+      name: payload.name,
+      // Google profile image is usually in 'picture'
+      email_verified: payload.email_verified,
+      picture: payload.picture || `https://profiles.google.com/s2/photos/profile/${payload.email}`,
+      roles: payload.realm_access?.roles || [],
+      // Keep raw for debugging other custom claims
+      raw: payload,
+    };
+  }
+}