keycloak-nodejs-connect

Cannot load example protected resource

Open DurandA opened this issue 2 years ago • 2 comments

Describe the bug

After starting the docker image and adding the realm via the import button and uploading nodejs-example-realm.json, I can log in but I cannot access the protected route and receive "Access Denied".

Version

Keycloak 17.0.1

Expected behavior

Result and Access Granted Event

Actual behavior

Access denied

How to Reproduce?

Add the realm via the import button and uploading nodejs-example-realm.json

npm link ../
npm install
npm start

Open the browser at http://localhost:3000/ and log in with username: 'user', and password: 'password'.

Click protected route

Anything else?

This is a duplicate of #310 which was closed. However, I think the example configuration (nodejs-example-realm.json) should be adapted so it works without further configuration.

DurandA avatar Apr 06 '22 16:04 DurandA

Same here and tried a few things without success:

  • Downgrade node.js to version 9
  • Include in claim aud the client
  • Weborigins and redirect uri are * (I know that this is a bad idea but after success I can reconfigure them)

I can obtain an access_token in an iOS app and then when I send the request to the resource with the basic keycloak.protect() method the result is access denied.

Keycloak is running in Docker but node is running in the host machine.

charlykno64 avatar May 19 '22 23:05 charlykno64

@charlykno64, @DurandA the realm creation needs a few additions for the permission to work.

The gist has the updates.

Added client roles

```json
"client": {
  "nodejs-apiserver": [
    { "name": "user", "clientRole": true },
    { "name": "admin", "clientRole": true }
  ],
  "nodejs-connect": []
}
```

Added policy to authorization

```json
"policies": [
  {
    "name": "Default Policy",
    "description": "A policy that grants access only for users within this realm",
    "type": "role",
    "config": {
      "roles": "[{\"id\":\"user\",\"required\":false},{\"id\":\"nodejs-apiserver/admin\",\"required\":false},{\"id\":\"nodejs-apiserver/user\",\"required\":false},{\"id\":\"admin\",\"required\":false}]"
    }
  },
  {
    "name": "Default Permission",
    "description": "A permission that applies to the default resource type",
    "type": "resource",
    "config": {
      "resources": "[\"resource\"]",
      "applyPolicies": "[\"Default Policy\"]"
    }
  }
]
```

Added scope to authorization

```json
"scopes": [
  { "name": "write" },
  { "name": "view" }
]
```

ujwalparker avatar Jul 12 '22 13:07 ujwalparker
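
A pre-import check for the kind of gap this thread describes, as an added example that is not part of any comment above and not code from keycloak-nodejs-connect: it lists role policies and permissions in a realm export that reference roles or policies the export does not define. The export layout (`roles.realm`, `roles.client`, `clients[].authorizationSettings.policies`), the realm roles "user" and "admin", and the client carrying the authorization settings are assumptions; the function names are hypothetical.

```javascript
// Added example, not code from keycloak-nodejs-connect. Assumed export layout:
// roles.realm[], roles.client{clientId: []}, clients[].authorizationSettings.policies[].
function definedRoles(realm) {
  const roles = new Set((realm.roles?.realm ?? []).map((r) => r.name));
  for (const [clientId, list] of Object.entries(realm.roles?.client ?? {})) {
    for (const r of list) roles.add(`${clientId}/${r.name}`); // client roles: "client/role"
  }
  return roles;
}

function findDanglingReferences(realm) {
  const roles = definedRoles(realm);
  const problems = [];
  for (const client of realm.clients ?? []) {
    const policies = client.authorizationSettings?.policies ?? [];
    const names = new Set(policies.map((p) => p.name));
    for (const p of policies) {
      // config values are JSON documents stored as strings, so parse them first
      for (const ref of p.type === 'role' ? JSON.parse(p.config?.roles ?? '[]') : []) {
        if (!roles.has(ref.id)) problems.push(`${p.name}: undefined role ${ref.id}`);
      }
      for (const applied of JSON.parse(p.config?.applyPolicies ?? '[]')) {
        if (!names.has(applied)) problems.push(`${p.name}: undefined policy ${applied}`);
      }
    }
  }
  return problems;
}

// Constructed sample built from the fragments in the thread; the realm roles and the
// client that holds the authorization settings are assumptions.
function sampleRealm(withClientRoles) {
  const refs = ['user', 'nodejs-apiserver/admin', 'nodejs-apiserver/user', 'admin']
    .map((id) => ({ id, required: false }));
  const clientRoles = [{ name: 'user', clientRole: true }, { name: 'admin', clientRole: true }];
  const policies = [
    { name: 'Default Policy', type: 'role', config: { roles: JSON.stringify(refs) } },
    { name: 'Default Permission', type: 'resource',
      config: { resources: '["resource"]', applyPolicies: '["Default Policy"]' } },
  ];
  return {
    roles: {
      realm: [{ name: 'user' }, { name: 'admin' }],
      client: withClientRoles ? { 'nodejs-apiserver': clientRoles, 'nodejs-connect': [] } : {},
    },
    clients: [{ clientId: 'nodejs-apiserver', authorizationSettings: { policies } }],
  };
}
console.log(findDanglingReferences(sampleRealm(false)), findDanglingReferences(sampleRealm(true)));
```

Run it against a parsed realm file with `findDanglingReferences(JSON.parse(fs.readFileSync(path, 'utf8')))` before importing.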