
Node + Keycloak: protected requests return the login page even with a bearer token

I've been trying to integrate Keycloak into a simple Node/Express server so that I can authenticate with a bearer token in the `Authorization` header, but every request to a protected route returns HTML (the Keycloak login page) instead of the route's response.

My simple index.js file:

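 // index.js — minimal Express server with keycloak-connect guarding one route.
//
// The original listing was garbled (`.`, `;` and `,` swapped); this is the
// same program with the punctuation restored.
const express = require('express');
const app = express();

// initKeycloak() builds the keycloak-connect instance from kc-config.js.
// Whether an unauthenticated/rejected request is redirected to the Keycloak
// login page or answered with 403 is decided by that config (`bearerOnly`),
// not by anything in this file.
const keycloak = require('./kc-config.js').initKeycloak();

// Must be registered before any protected route: it parses the
// `Authorization: Bearer <access_token>` header and attaches the grant.
app.use(keycloak.middleware());

// Unprotected health endpoint.
app.get('/', (req, res) => {
  res.send("Server is up.");
});

// keycloak.protect() rejects the request unless a valid grant was attached
// by the middleware above.
app.get('/kc-test', keycloak.protect(), (req, res) => {
  res.send('success');
});

const PORT = 3000;
app.listen(PORT);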

My simple kc-config.js file:

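 // kc-config.js — builds and memoizes a single keycloak-connect instance.
//
// Fixes relative to the original (besides restoring the garbled punctuation):
//  * `memoryStore` was assigned without a declaration (implicit global);
//  * `{ store, memoryStore }` passed two properties instead of `{ store: memoryStore }`,
//    so keycloak-connect never received the session store;
//  * `if (._keycloak)` is a syntax error; the intended check is `!_keycloak`;
//  * `getKeycloak` was defined but never exported.
var session = require('express-session');
var Keycloak = require('keycloak-connect');

let _keycloak;

var keycloakConfig = {
  clientId: 'myclient',
  // bearerOnly: true tells keycloak-connect this is an API that only accepts
  // `Authorization: Bearer <token>`; a request without an accepted grant then
  // gets 403 instead of a redirect to the Keycloak login page. With
  // bearerOnly: false (the original value) keycloak.protect() redirects
  // unauthenticated requests to the login form, which is what produced the
  // HTML response in the question. Set the client's Access Type to
  // "bearer-only" in the admin console as well.
  bearerOnly: true,
  // NOTE(review): plain http means tokens and the client secret cross the
  // network in clear text — use https outside of local development.
  serverUrl: 'http://my.client.com:4008/auth',
  // NOTE(review): the `master` realm is the Keycloak administration realm;
  // application clients and users normally belong in a dedicated realm.
  realm: 'master',
  credentials: {
    // Do not commit a real secret here; load it from the environment or a
    // secret store at startup. The value must match the client secret in
    // the admin console (the curl example uses a different literal).
    "secret": "{my-secret}"
  }
};

/**
 * Create the Keycloak instance on first call and return the cached one
 * afterwards (logs a warning on repeat calls instead of rebuilding).
 * @returns {Keycloak} the shared keycloak-connect instance
 */
function initKeycloak() {
  if (_keycloak) {
    console.warn("Trying to init Keycloak again.");
    return _keycloak;
  }

  console.log("Initializing Keycloak...");
  // express-session's MemoryStore is an in-process store meant for
  // development only: it is not shared across processes and grows without
  // bound. Use a real session store if this ever runs in production.
  // (With bearerOnly: true no browser session is created, but keycloak-connect
  // still requires a store to be configured.)
  const memoryStore = new session.MemoryStore();
  _keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);
  return _keycloak;
}

/**
 * Return the already-initialized instance. Logs an error (but still returns
 * undefined) when initKeycloak() has not been called yet.
 * @returns {Keycloak|undefined}
 */
function getKeycloak() {
  if (!_keycloak) {
    console.error('Keycloak has not been initialized. Please called init first.');
  }
  return _keycloak;
}

module.exports = { initKeycloak, getKeycloak };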

I am using the token returned from this curl request:

 # Obtain an access token with the Resource Owner Password Credentials grant
# (grant_type=password). `-X POST` is implied by sending a request body, and
# --data-urlencode sends application/x-www-form-urlencoded by default; the
# explicit header is kept so the request is byte-for-byte the same.
#
# NOTE: the client secret and user password are literal arguments here, so
# they end up in shell history and are visible in `ps` while curl runs.
# Prefer reading them from a file (`--data-urlencode 'password@file'`) or a
# variable. The password grant is also discouraged by current OAuth guidance;
# use it only for testing.
#
# The `client_secret` must be the one shown for the client in the Keycloak
# admin console; the returned `access_token` is then sent to the Node server
# as `Authorization: Bearer <access_token>`.
curl 'http://my.client.com:4008/auth/realms/master/protocol/openid-connect/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'client_id=myclient' \
  --data-urlencode 'client_secret=mysecretkey' \
  --data-urlencode 'username=myusername' \
  --data-urlencode 'password=mypassword'

Shouldn't that request be authorized? Why would the server send me to the login page again even though the token is valid?

For more information, here's a screenshot of my settings for my client, on the keycloak admin console.

[screenshot: the client's settings in the Keycloak admin console]

I'm pretty confused. Am I using it completely wrong? My assumption was that I could simply take the `access_token` from the curl response and send it as `Authorization: Bearer <access_token>` on the request to the protected /kc-test route.

The client's Access Type needs to be "bearer-only". With a non-bearer-only client, keycloak-connect treats a request that has no accepted grant as a browser session and redirects it to the Keycloak login page, which is the HTML you are seeing.

{
  "realm": "camunda",
  "auth-server-url": "https://localhost:9000/auth/",
  "ssl-required": "external",
  "resource": "user-management",
  "bearer_only":true,
  "credentials": {
    "secret": "45078604-3c4a-44a6-8a0f-ab094f050211"
  },
  "confidential-port": 0,
  "policy-enforcer": {}
}

Alternatively, set `bearer_only` to `true` in your keycloak.json file (the snippet above; keep the real client secret out of source control and load it at startup instead):

Once the client is bearer-only (in the admin console settings and/or via `bearer_only: true`), keycloak-connect no longer redirects: a request whose token is missing or rejected gets a plain 403. If you still get 403 with your token, the token itself is being rejected rather than the redirect being the problem — check that it is sent as `Authorization: Bearer <access_token>` and that the server URL and realm in the adapter config match the Keycloak instance the token was issued by.


 