post authentication keycloak-connect-multirealm library is not recognizing keycloak bearer token. #31

Open
jaganvelu opened this issue May 19, 2023 · 0 comments


We are migrating an application used for managing Keycloak resources.
It was deployed on Node v14 and working fine; we are currently in the process of upgrading it to Node v18 due to EOL for Node v14.
We noticed that the Keycloak multi-realm initialization is not recognizing the bearer token issued by Keycloak post authentication.

Environment:
Keycloak server version - 21.0.1/16.1.1 - tested with both versions, same result.
NodeJs - 18
keycloak-js package - 21.0.1
keycloak-connect package - 21.0.1
keycloak-connect-multirealm - 2.1.0

Keycloak adapter config:

```json
{
  "realm": "my-realm",
  "auth-server-url": "http://localhost/auth/",
  "ssl-required": "none",
  "resource": "my-client-id",
  "public-client": true,
  "confidential-port": 0
}
```

The sequence of the flow is as below:

  • The /token request returns auth information including access_token, refreshToken, etc.
  • /login - Node server API which forwards the bearer token to the application for other requests. This one is again redirecting with a 302 to openid-connect/auth on Keycloak.
  • I feel this is because my /login is not getting the bearer token or recognizing the authentication context.
  • The same flow is working fine with NodeJs v14. Below are a few code snippets.

```js
// setting up keycloak and its config in node server
const KeycloakMultirealm = require("keycloak-connect-multirealm");

const setupKeycloakAuth = (app, config) => {
  const kcConfig = {
    resource: `${config.keycloakClientId}`,
    serverUrl: `${config.keycloakUrl}`,
    "auth-server-url": `${config.keycloakUrl}`,
    "public-client": true
  };

  return new KeycloakMultirealm({}, kcConfig);
};

const keycloak = setupKeycloakAuth(app, config);
app.use(keycloak.middleware());
require("./dev-helper").setupHotLoading(app, config);
// every route under /umlite/api requires a valid Keycloak grant
app.use("/umlite/api", keycloak.protect(), api.createRouter(config));
```

```js
// initializing keycloak - in react application
import Keycloak from "keycloak-js";

// module-level Keycloak instance
let keycloakInstance;

export const initializeKeycloak = (
  keycloakUrl,
  keycloakTimeoutMs,
  keycloakRealm,
  keycloakClientId,
  accessToken,
  refreshToken,
  idToken,
  saneSessionID,
  isConfidentialClient,
  clientSecret
) => {
  keycloakInstance = new Keycloak({
    realm: keycloakRealm,
    url: keycloakUrl,
    clientId: keycloakClientId
  });

  let initPromise;
  if (accessToken) {
    // tokens were already obtained: hand them to the adapter
    initPromise = keycloakInstance.init({
      refreshToken: refreshToken,
      token: accessToken,
      idToken: idToken,
      checkLoginIframe: false
    });
    keycloakInstance.saneSessionID = saneSessionID;
  } else {
    // /authenticate keycloak api
    // keycloak is initialized and authenticated with token, refreshToken etc.
    initPromise = keycloakInstance.init({
      onLoad: "check-sso",
      checkLoginIframeInterval: 1
    });
  }
  return promiseTimeout(keycloakTimeoutMs, initPromise).then(() => {
    if (
      keycloakRealm === keycloakInstance.realm &&
      keycloakInstance.authenticated
    ) {
      let tokenFromSession = sessionStorage.getItem(TOKEN);
      sessionStorage.setItem(TOKEN, keycloakInstance.token);
      !tokenFromSession && logLoginEvent(); // invokes the node login api
    } else {
      keycloakInstance.login();
    }
  });
};
```

Api.js

This method returns all the header information, which also has the bearer token and other related info.
Even with the proper bearer token, it is doing a 302 redirect to /openid-connect/auth, meaning the request is not recognizing the bearer token.

```js
// builds the fetch options, including the Authorization header
const getDefaultPostOptions = async body => {
  const tkn = await getToken();
  const refreshTkn = await getRefreshToken();
  let defPostObject = {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: "bearer " + tkn,
      UserName: getUserName(),
      Refresh: refreshTkn
    },
    body: JSON.stringify(body)
  };
  return defPostObject;
};

const postCall = async (uri, body) => {
  try {
    return fetch(uri, await getDefaultPostOptions(body)).then(response => {
      if (!response.ok) {
        return response.json().then(errorResponse => {
          throw errorResponse;
        });
      } else {
        return response;
      }
    });
  } catch (err) {
    console.log("postCall :: err : ", err);
  }
};

export const logLoginEvent = (userData = {}) => {
  const uri = `${node_api_base_path}/login`;
  return postCall(uri, userData);
};
```

What am I missing here?
Are there any compatibility issues in keycloak-connect-multirealm with Node 18?
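
One way to see what the Node server actually receives on `/login`, as an added example that is not part of the original issue or of either library: the helper below decodes the bearer token's payload without verifying it and compares the `iss` claim with the adapter's `auth-server-url`. It assumes Keycloak's `<base>/realms/<realm>` issuer format; `inspectBearer` and `makeSampleToken` are hypothetical names, and the sample token is constructed.

```javascript
// Added troubleshooting helper (hypothetical names; not library code).
// It decodes the JWT payload WITHOUT verifying the signature, so its output
// is for diagnosis only and must never drive an authorization decision.
const decodeSegment = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8"));

// authHeader: incoming Authorization header; authServerUrl: adapter "auth-server-url";
// nowSec: current time in seconds (a parameter so the expiry check is repeatable).
function inspectBearer(authHeader, authServerUrl, nowSec = Math.floor(Date.now() / 1000)) {
  const findings = [];
  const m = /^(\S+)\s+(\S+)$/.exec(authHeader || "");
  if (!m) return { findings: ["Authorization header missing or not '<scheme> <token>'"] };
  const [, scheme, token] = m;
  if (scheme.toLowerCase() !== "bearer") findings.push(`scheme is '${scheme}', not bearer`);
  const parts = token.split(".");
  if (parts.length !== 3) return { findings: [...findings, "token is not a three-part JWT"] };
  let payload;
  try {
    payload = decodeSegment(parts[1]);
    if (payload === null || typeof payload !== "object") throw new Error("not an object");
  } catch {
    return { findings: [...findings, "payload segment is not a base64url JSON object"] };
  }
  const base = authServerUrl.replace(/\/+$/, ""); // ignore a trailing slash in the config
  const iss = String(payload.iss || "");
  const realmMatch = /\/realms\/([^/]+)$/.exec(iss);
  const realm = realmMatch ? realmMatch[1] : null;
  if (!realm) findings.push(`iss '${iss}' does not end in /realms/<name>`);
  if (!iss.startsWith(base + "/realms/")) findings.push(`iss '${iss}' is not under '${base}'`);
  if (typeof payload.exp === "number" && payload.exp <= nowSec) findings.push("token is expired");
  // Only selected claims are returned, never the raw token, so the result carries no credential.
  return { realm, iss, azp: payload.azp, exp: payload.exp, findings };
}

// Constructed, unsigned sample token for trying the helper offline.
const b64url = (s) =>
  Buffer.from(s).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeSampleToken = (claims) =>
  [b64url('{"alg":"none"}'), b64url(JSON.stringify(claims)), "sig"].join(".");

// Sample run: issuer outside the configured base URL and an expired token.
const sample = makeSampleToken({ iss: "http://localhost/realms/my-realm", azp: "my-client-id", exp: 500 });
console.log(inspectBearer("bearer " + sample, "http://localhost/auth/", 1000));
```

On the server it can be called with `req.headers.authorization` from a small logging middleware registered before `keycloak.middleware()`.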

jaganvelu changed the title from "post authentication keycloak-connect-multirealm library is recognizing keycloak bearer token." to "post authentication keycloak-connect-multirealm library is not recognizing keycloak bearer token." on May 19, 2023