
node oidc-provider (for keycloak)

I am trying to have a basic node oidc-provider app as OIDC provider for my keycloak server.

Keycloak correctly links to the login page of my app. After entering username and password I get correctly transferred back to keycloak.

However, keycloak then says "Unexpected error when authenticating with identity provider".


EDIT: I adjusted the keycloak log level and now I see the following error:

Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.


My app looks like this:

    const express = require('express');
    const Provider = require('oidc-provider');

    const app = express();

    // Client registration for the Keycloak broker
    const clients = [
      {
        client_id: 'my_keycloak_client',
        client_secret: '<someKey>',
        grant_types: ['authorization_code'],
        response_types: ['code'],
        redirect_uris: ['http://localhost:8080/auth/realms/master/broker/oidc/endpoint'],
        token_endpoint_auth_method: 'none'
      }
    ];

    const oidc = new Provider('http://localhost:3001', {
      // Resolve an account by id and expose its claims
      async findById(ctx, id) {
        return {
          accountId: id,
          async claims() {
            return { sub: id };
          },
        };
      }
    });

    oidc.initialize({
      clients: clients,
      keystore: {
        keys: [
          {
            kty: 'RSA',
            kid: 'zid-auth key',
            use: 'sig',
            p: '<someKey>',
            q: '<someKey>',
            d: '<someKey>',
            e: 'AQAB',
            qi: '<someKey>',
            dp: '<someKey>',
            dq: '<someKey>',
            n: '<someKey>'
          }
        ]
      }
    }).then(function () {
      app.use('/', oidc.callback);
      app.listen(3001);
    });

You must configure token_endpoint_auth_method to the right method value keycloak is actually using. oidc-provider will fail client authentication if a secret is provided for a client with the method set to none.
