
Node.js Express infinite redirect loop after successful login

I am setting up Keycloak on a Node.js Express frontend application.

I have included keycloak.protect() for my private route; this successfully redirects unauthenticated users to the login page.

After the user logs in or registers, it redirects back to the private root, but keycloak protect fails again and redirects you back to the auth server, which then redirects you back to the private route, and so on.

I have configured the keycloak auth server to use 'Standard Flow', 'Direct Access Grants'.

My natural assumption would be that because 302s wipe out the headers, the Auth header is not present when keycloak.protect is looking at the request but I have coded it as suggested in the documentation.

Is there a piece of config in the Keycloak auth server that governs the redirect back to the application?

This could have something to do with how you initialize your sessionStore.

If you run behind a reverse proxy like NGINX (or its Kubernetes Ingress Controller equivalent) you might have success with telling your express app to trust the proxy in front. This would have something to do with SSL offloading and how express reacts to it.

app.enable('trust proxy');

Otherwise, take a close look at the logs that keycloak-connect produces. They might be cryptic sometimes, but they provide a good starting point for further debugging.
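A diagnostic for the two causes suggested in the answer above, as an added example that is not part of the original question or answer. It assumes express-session with its default cookie name (connect.sid) and keycloak-connect used with a session store; the function names and sample requests are constructed for illustration.

```javascript
// Added example. SESSION_COOKIE is express-session's default cookie name;
// change it if the app sets a custom `name` option.
const SESSION_COOKIE = 'connect.sid';

// Inspect one Express-style request and list reasons a login session may not stick.
function diagnoseSession(req, { cookieSecure = true } = {}) {
  const findings = [];
  const forwardedProto = String(req.headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  const cookieNames = String(req.headers.cookie || '')
    .split(';').map((c) => c.trim().split('=')[0]);

  // TLS ends at the proxy. Express only honours X-Forwarded-Proto when
  // 'trust proxy' is enabled, so req.secure stays false without it.
  if (forwardedProto === 'https' && !req.secure) {
    findings.push('proxy-not-trusted');
    // express-session does not send a Secure cookie on a request it treats
    // as plain HTTP, so each redirect starts a fresh, empty session.
    if (cookieSecure) findings.push('secure-cookie-dropped');
  }
  if (!cookieNames.includes(SESSION_COOKIE)) findings.push('no-session-cookie');
  // With a session store, keycloak-connect keeps the grant in req.session;
  // it is undefined if the session middleware is not mounted before Keycloak's.
  if (!req.session) findings.push('session-middleware-missing');
  return findings;
}

// Express middleware wrapper: log findings for each request, then continue.
function sessionDebug(options) {
  return (req, res, next) => {
    const findings = diagnoseSession(req, options);
    if (findings.length) console.warn(`${req.method} ${req.url}:`, findings.join(', '));
    next();
  };
}

// Constructed sample requests, as the app sees them behind a TLS-terminating proxy.
const behindProxyUntrusted = {
  method: 'GET', url: '/private', secure: false, session: {},
  headers: { 'x-forwarded-proto': 'https' },
};
const behindProxyTrusted = {
  method: 'GET', url: '/private', secure: true, session: {},
  headers: { 'x-forwarded-proto': 'https', cookie: 'connect.sid=s%3Aexample' },
};
```

Mounted before the Keycloak middleware with app.use(sessionDebug()), it shows on each hop of the loop whether the session cookie came back and whether Express regards the request as HTTPS.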
