I tried implementing Keycloak, using example from here . On Node.js it went ok, but I have a problem with Java Spring boot. After logging in (on the frontend) Keycloak returns token. After sending that token to the backend (Spring boot), I am getting an error "Token type is incorrect. Expected 'Bearer' but was 'ID'". After decoding token I see that in the "typ" there is "ID", but probably should be "bearer".
Do you have any idea how to solve this problem?
All info are below:
Application.java
package bootwildfly;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
@RestController
class ProductController {
@RequestMapping( "/hello")
public String getProducts(){
return ("Hello, SpringBoot on Wildfly");
}
@RequestMapping(path = "/logout")
public String logout(HttpServletRequest request) throws ServletException {
request.logout();
return "/";
}
}
application.properties
keycloak.realm = Openshift-radionica
keycloak.bearer-only = true
keycloak.auth-server-url = http://keycloak-sso.***.***/auth
keycloak.ssl-required = external
keycloak.resource = client-backend
server.port=8080
keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /hello/*
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>product-app</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>product-app</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<keycloak.version>3.1.0.Final</keycloak.version>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>3.3.0.CR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Error:
2017-10-12 11:08:18.119 ERROR 1 --- [nio-8080-exec-9] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token
org.keycloak.common.VerificationException: Token type is incorrect. Expected 'Bearer' but was 'ID'
at org.keycloak.TokenVerifier$TokenTypeCheck.test(TokenVerifier.java:129) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.TokenVerifier.verify(TokenVerifier.java:371) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206) ~[spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:47) [spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(KeycloakAuthenticatorValve.java:54) [spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:560) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:185) ~[spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
On client side(frontend) I use VueJS VueJS Keycloak . I had the same problem. Solved this problem by changing src/components/security/header.js
import store from '../../store'
export default () => {
var keycloakAuth = store.getters.SECURITY_AUTH
return { 'Authorization': 'Bearer ' + keycloakAuth.idToken }
}
from keycloakAuth.idToken to keycloakAuth.token and it fixed problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.