You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are migrating an application used for managing keycloak resources.
This was deployed on node v14 and working fine, we are currently in the process of upgrading it to node v18 due to EOL for node v14.
We noticed that the keycloak multi realm initialize not recognizing the bearer token issued by keycloak post authentication.
Environment:
Keycloak server version - 21.0.1/16.1.1 - tested with both the version and same result.
NodeJs - 18
keycloak-js package - 21.0.1
keycloak-connect package - 21.0.1
keycloak-connect-multirealm - 2.1.0
/token request returns auth information incluing access_token, refreshToken, etc.
/login - node server api which takes forward bearer token to the application for other requests. this one is again redirecting with 302 to openid-connect/auth keycloak .
I feel this is because my /login is not getting the bearer token or recognize the authentication context.
the same flow is working fine with NodeJs v14. below are few code snippets.
// setting up keycloak and its config in node server
const setupKeycloakAuth = (app, config) => {
const kcConfig = {
resource: ${config.keycloakClientId},
serverUrl: ${config.keycloakUrl},
"auth-server-url": ${config.keycloakUrl},
"public-client": true
};
let initPromise;
if (accessToken) {
initPromise = keycloakInstance.init({
refreshToken: refreshToken,
token: accessToken,
idToken: idToken,
checkLoginIframe: false
});
keycloakInstance.saneSessionID = saneSessionID;
} else {
initPromise = keycloakInstance.init({ ** /authenticate keycloak api // keycloak is initialized and authenticated with token, refreshToken etc.**
onLoad: "check-sso",
checkLoginIframeInterval: 1
});
}
return promiseTimeout(keycloakTimeoutMs, initPromise).then(() => {
if (
keycloakRealm === keycloakInstance.realm &&
keycloakInstance.authenticated
) {
let tokenFromSession = sessionStorage.getItem(TOKEN);
sessionStorage.setItem(TOKEN, keycloakInstance.token);
!tokenFromSession && logLoginEvent(); // invokes the node login api
} else {
keycloakInstance.login();
}
});
};
// Api.js
// this method returns all the header information which also has the bearer token and other related info.
Even with the proper bearer token it is doing a 302 redirect to /openid-connect/auth meaning the request is not recognizing the bearer token.
What am I missing here?
Is there any compatibility issues in keycloak-connect-multirealm with node 18.
The text was updated successfully, but these errors were encountered:
jaganvelu
changed the title
post authentication keycloak-connect-multirealm library is recognizing keycloak bearer token.
post authentication keycloak-connect-multirealm library is not recognizing keycloak bearer token.
May 19, 2023
We are migrating an application used for managing keycloak resources.
This was deployed on node v14 and working fine, we are currently in the process of upgrading it to node v18 due to EOL for node v14.
We noticed that the keycloak multi realm initialize not recognizing the bearer token issued by keycloak post authentication.
Environment:
Keycloak server version - 21.0.1/16.1.1 - tested with both the version and same result.
NodeJs - 18
keycloak-js package - 21.0.1
keycloak-connect package - 21.0.1
keycloak-connect-multirealm - 2.1.0
keycloak adapter config :
{
"realm": "my-realm",
"auth-server-url": "http://localhost/auth/",
"ssl-required": "none",
"resource": "my-client-id",
"public-client": true,
"confidential-port": 0
}
Sequence of flow as below:
// setting up keycloak and its config in node server
const setupKeycloakAuth = (app, config) => {
const kcConfig = {
resource:
${config.keycloakClientId}
,serverUrl:
${config.keycloakUrl}
,"auth-server-url":
${config.keycloakUrl}
,"public-client": true
};
};
const keycloak = setupKeycloakAuth(app, config);
app.use(keycloak.middleware());
require("./dev-helper").setupHotLoading(app, config);
app.use("/umlite/api", keycloak.protect(), api.createRouter(config));
});
// initializing keycloak - in react application
export const initializeKeycloak = (
keycloakUrl,
keycloakTimeoutMs,
keycloakRealm,
keycloakClientId,
accessToken,
refreshToken,
idToken,
saneSessionID,
isConfidentialClient,
clientSecret
) => {
let initPromise;
if (accessToken) {
initPromise = keycloakInstance.init({
refreshToken: refreshToken,
token: accessToken,
idToken: idToken,
checkLoginIframe: false
});
keycloakInstance.saneSessionID = saneSessionID;
} else {
initPromise = keycloakInstance.init({ ** /authenticate keycloak api // keycloak is initialized and authenticated with token, refreshToken etc.**
onLoad: "check-sso",
checkLoginIframeInterval: 1
});
}
return promiseTimeout(keycloakTimeoutMs, initPromise).then(() => {
if (
keycloakRealm === keycloakInstance.realm &&
keycloakInstance.authenticated
) {
let tokenFromSession = sessionStorage.getItem(TOKEN);
sessionStorage.setItem(TOKEN, keycloakInstance.token);
!tokenFromSession && logLoginEvent(); // invokes the node login api
} else {
keycloakInstance.login();
}
});
};
// Api.js
// this method returns all the header information which also has the bearer token and other related info.
Even with the proper bearer token it is doing a 302 redirect to /openid-connect/auth meaning the request is not recognizing the bearer token.
const getDefaultPostOptions = async body => {
const tkn = await getToken();
const refreshTkn = await getRefreshToken();
let defPostObject = {
method: "POST",
headers: {
"Content-Type": "application/json",
Authorization: "bearer " + tkn,
UserName: getUserName(),
Refresh: refreshTkn
},
body: JSON.stringify(body)
};
return defPostObject;
};
const postCall = async (uri, body) => {
try {
return fetch(uri, await getDefaultPostOptions(body)).then(response => {
if (!response.ok) {
return response.json().then(errorResponse => {
throw errorResponse;
});
} else {
return response;
}
});
} catch (err) {
console.log("postCall :: err : ", err);
}
};
export const logLoginEvent = (userData = {}) => {
const uri =
${node_api_base_path}/login
;return postCall(uri, userData);
};
What am I missing here?
Is there any compatibility issues in keycloak-connect-multirealm with node 18.
The text was updated successfully, but these errors were encountered: