Keycloak 和 nodeJS:无法使用过期的刷新令牌进行刷新
[英]Keycloak and nodeJS : Unable to refresh with expired refresh token
问题描述
EDIT: I've set a server on a vm, without Docker, and everything worked well, it looks like VM+Docker is too much layer.
编辑:我在 vm 上设置了一个服务器,没有 Docker,一切正常,看起来 VM+Docker 层太多了。
I have a node backend, with a route protected with:我有一个节点后端,其路由受以下保护:
app.get('/api/user', keycloak.protect(), function(req, res) {
res.json({ message: 'This is an USER endpoint payload' });
});
I have this keycloak.json:我有这个keycloak.json:
{
"realm": "MyRealm",
"auth-server-url": "http://keycloak.com:8008/auth/",
"ssl-required": "none",
"resource": "sso_agt",
"public-client": true,
"confidential-port": 0
}
When I use this route, i'm redirected to the auth page.当我使用这条路线时,我被重定向到身份验证页面。 When i'm logged, it redirects me to the right url, but I have denied access, with this error in npm console:当我登录时,它会将我重定向到正确的 url,但我拒绝访问,在 npm 控制台中出现此错误:
Could not obtain grant code: Error: Unable to refresh with expired refresh token
In my keycloak console, i have a WARN type=CODE_TO_TOKEN_ERROR在我的 keycloak 控制台中,我有一个 WARN type=CODE_TO_TOKEN_ERROR
I run keycloak with docker, on a Ubuntu Server VM.我在 Ubuntu 服务器 VM 上使用 docker 运行 keycloak。
2 个解决方案
解决方案1
0 2020-06-24 16:20:54
Refresh tokens are no-expiration passwords, when combined with the clientId and client service allow for the generation of actual access tokens.刷新令牌是无过期密码,当与 clientId 和客户端服务结合使用时,可以生成实际的访问令牌。 Once a refresh token is marked as invalid, there is no way to get a new one without navigating the user through implicit login flow with the scope: offline set.一旦刷新令牌被标记为无效,如果不使用 scope: offline设置通过隐式登录流程导航用户,就无法获取新令牌。
解决方案2
0 2020-06-25 12:52:24
I've set a server on a vm, without Docker, and everything worked well, it looks like VM+Docker is too much layer.我在vm上设置了一个服务器,没有Docker,一切正常,看起来VM+Docker层太多了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.