- using the preferredName as the name in the sesssion

- addin the keycloak id to the proxy headers
- updated the readme to the reflect the changes
- adding some small fixes

README.md

@@ -100,13 +100,13 @@ resources:
       - <CLIENT_APP_NAME>:<ROLE_NAME>
       - <CLIENT_APP_NAME>:<ROLE_NAME>
 ```
-Below is a sample kubeconfig file with two contexts for dev and prod clusters, the file is placed / located at ~/.kube/config by default. You can find a cheat-sheet for the kubectl command [here](https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/kubectl-cheatsheet.md)
 
 #### **Upstream Headers**
 
 On protected resources the upstream endpoint will receive a number of headers added by the proxy;
 
 ```GO
+cx.Request.Header.Add("KEYCLOAK_ID", id.id)
 cx.Request.Header.Add("KEYCLOAK_SUBJECT", id.preferredName)
 cx.Request.Header.Add("KEYCLOAK_USERNAME", id.name)
 cx.Request.Header.Add("KEYCLOAK_EMAIL", id.email)

doc.go

@@ -27,14 +27,10 @@ import (
 )
 
 const (
-	// Prog is the name of the application
-	Prog = "keycloak-proxy"
-	// Version is the release version
-	Version = "v0.0.1"
-	// Author is the writer
-	Author = "Rohith <gambol99@gmail.com>"
+	prog = "keycloak-proxy"
+	version = "v0.0.1"
+	author = "Rohith <gambol99@gmail.com>"
 
-	headerConnection       = "Connection"
 	headerUpgrade          = "Upgrade"
 	sessionCookieName      = "keycloak-access"
 	sessionStateCookieName = "keycloak-state"
@@ -64,7 +60,7 @@ var (
 	ErrRefreshTokenExpired = errors.New("the refresh token has expired")
 )
 
-// KeycloakProxy is the sever component
+// KeycloakProxy is the server component
 type KeycloakProxy struct {
 	config *Config
 	// the gin service
@@ -79,7 +75,7 @@ type KeycloakProxy struct {
 	upstreamURL *url.URL
 }
 
-// SessionState hold the state related data
+// SessionState holds the state related data
 type SessionState struct {
 	// the max time the session is permitted
 	expireOn time.Time
@@ -87,7 +83,7 @@ type SessionState struct {
 	refreshToken string
 }
 
-// UserContext defines the user
+// UserContext represents a user
 type UserContext struct {
 	// the id of the user
 	id string

handlers.go

@@ -169,6 +169,7 @@ func (r *KeycloakProxy) proxyHandler(cx *gin.Context) {
 	if found {
 		id := identity.(*UserContext)
 		// step: inject the identity in the headers
+		cx.Request.Header.Add("KEYCLOAK_ID", id.id)
 		cx.Request.Header.Add("KEYCLOAK_SUBJECT", id.preferredName)
 		cx.Request.Header.Add("KEYCLOAK_USERNAME", id.name)
 		cx.Request.Header.Add("KEYCLOAK_EMAIL", id.email)

server.go

@@ -27,6 +27,8 @@ import (
 
 // NewProxy create's a new keycloak proxy from configuration
 func NewProxy(cfg *Config) (*KeycloakProxy, error) {
+	glog.Infof("starting the %s, version: %, author: %s", prog, version, author)
+
 	upstreamURL, err := url.Parse(cfg.Upstream)
 	if err != nil {
 		return nil, err
@@ -59,8 +61,9 @@ func NewProxy(cfg *Config) (*KeycloakProxy, error) {
 
 	service.router = gin.Default()
 	for _, resource := range cfg.Resources {
-		glog.Infof("protecting resources under: %s", resource)
+		glog.V(1).Infof("protecting resources under: %s", resource)
 	}
+
 	service.router.Use(service.entrypointHandler(), service.authenticationHandler(), service.admissionHandler())
 
 	// step: add the oauth handlers and health
@@ -93,7 +96,7 @@ func (r *KeycloakProxy) Run() error {
 
 // redirectToURL redirects the user and aborts the context
 func (r KeycloakProxy) redirectToURL(url string, cx *gin.Context) {
-	glog.Infof("redirecting the client to: %s", url)
+	glog.V(1).Infof("redirecting the client to: %s", url)
 	cx.Redirect(http.StatusTemporaryRedirect, url)
 	cx.Abort()
 }

session.go

@@ -132,7 +132,7 @@ func (r *KeycloakProxy) getUserContext(token jose.JWT) (*UserContext, error) {
 
 	return &UserContext{
 		id:            ident.ID,
-		name:          ident.Name,
+		name:          preferredName,
 		preferredName: preferredName,
 		email:         ident.Email,
 		expiresAt:     ident.ExpiresAt,