gocloak is broken for Keycloak v17.0 : need to remove /auth from the gocloak endpoint path

[ksingh7]

Describe the bug Upon hitting any of the API calls i am getting error

404 Not Found: RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/dev/protocol/openid-connect/token

To Reproduce Steps to reproduce the behavior:

1. Keycloak Version 17.0.1
2. gocloak version 11.0.2
3. Hit the gocloak api (any method)

jwt, err := keycloakClient.Login(
		kCTX,
		kCreds.clientId,
		kCreds.clientSecret, kCreds.realm,
		kCreds.username, kCreds.password,
	)

FYI direct CURL on keyckoak works fine

Expected behavior We should able to successfully authenticatae using gocloak method Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS] MacOS
• Browser [e.g. chrome, safari] Chrome

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context Important : Starting 17.0+ version of Keycloak, there's a change in endpoints as per the official documentation, you need to omit /auth from the endpoint. We need a mechanism in gocloak to omit \admin

[ksingh7]

@Nerzal i would like to thank you for this wonderful Go Library. With this bug i wanted to bring it to your notice that gocloak endpoints are broken with latest version of keycloak (17.0). gocloak API uses an additional \auth in the route path that needs to be omited in order for it to work with keycloak v 17.0

[ksingh7]

More Info https://keycloak.discourse.group/t/using-curl-or-postman-results-in-could-not-find-resource-for-full-path/13638

[mbecker]

Hi,

see https://github.com/Nerzal/gocloak/issues/252 how to change the endpoint`s paths.

Fully example for Keycloak 17:

package main

import (
	"context"
	"crypto/tls"
	"fmt"

	gocloak "github.com/Nerzal/gocloak/v11"
)

var URL string = "https://127.0.0.1:8443"

func main() {

	realm := "master"
	clientID := "my-resource-server"
	clientSecret := "***"

	client := gocloak.NewClient(URL, gocloak.SetAuthAdminRealms("admin/realms"), gocloak.SetAuthRealms("realms"))
	restyClient := client.RestyClient()
	restyClient.SetDebug(true)
	restyClient.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
	ctx := context.Background()
	token, err := client.LoginClient(ctx, clientID, clientSecret, realm)
	if err != nil {
		panic("Login failed:" + err.Error())
	}
	fmt.Println(token)
}

[Howard3]

thanks @mbecker I can confirm this works.

[maitredede]

Hi,

I am using Keycloak 18 with lib v11.1.0. I have updated the options for the path change. The GetUserInfo works, but not the GetServerInfo : still 404. The source code shows hardcoded "auth" in makeURL call :smile:

[tjarkmeyer]

I found this in the migrating to quarkus guide:

Default context path changed By default, the new Quarkus distribution removes /auth from the context-path. To re-introduce the /auth use the http-relative-path build option. For example:

bin/kc.[sh|bat] start-dev --http-relative-path /auth

https://www.keycloak.org/migration/migrating-to-quarkus

[ricardogayer]

Thanks mbecker for share this solutions!

[Nerzal]

We've created a ticket to address this problem at my workplace. This will be resolved soon :)

[Nerzal]

Heyho everyone, here is an update:

I managed to pack this into a Task in the new sprint at work. Also lots of nice people contributed lots of new features <3 thank you everyone!

I'm using the time at work to merge and test on the dev branch and then pack a new big release within the next days