app-services-cli icon indicating copy to clipboard operation
app-services-cli copied to clipboard
verified publisher icon redhat-developer

Support Keycloak Quarkus distribution

Open andreaTP opened this issue 3 years ago • 4 comments

Description

Version: 0.48.0

rohas login command already works against new versions of Keycloak, but the token refresh fails because it injects /auth into the URL path (which is no anymore mandatory since Quarkus distribution).

For example, after running a login like:

rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli

We receive the error:

Could not find resource for full path: http://localhost:8083/auth/realms/demo-apicurio/protocol/openid-connect/token.

Steps to reproduce

  1. Install this apicurio infrastructure on local Kubernetes (e.g. minikube) https://github.com/bf2fc6cc711aee1a0c2a/srs-fleet-manager/tree/feat/hackathon/dist/k8s-dev#start-multitenant-apicurio-registry-infrastructure-for-kubernetes-dev-mode
  2. run login: rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli
  3. receive the error.

Expected vs actual behaviour

The CLI should respect the URL without injecting /auth.

Workaround

Is currently possible to workaround this issue by setting the retro-compatibility option: KC_HTTP_RELATIVE_PATH: /auth

https://github.com/andreaTP/srs-fleet-manager/blob/b2fe84f373c33ff32f5ecf7b4f42b31fcc48b3fc/dist/k8s-dev/keycloak.yaml#L47-L48

andreaTP avatar Aug 09 '22 13:08 andreaTP

I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas

wtrocki avatar Aug 09 '22 20:08 wtrocki

I think we should go with additional flag to skip it as removing it can break stuffs.

I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas

rkpattnaik780 avatar Aug 10 '22 06:08 rkpattnaik780

Hi @andreaTP I am getting a client not found error while trying to login with the CLI, in the browser.

rkpattnaik780 avatar Aug 10 '22 06:08 rkpattnaik780

@rkpattnaik780 sorry for the confusion, please use the version from the branch enable-cli-on-k8s, https://github.com/andreaTP/srs-fleet-manager/tree/enable-cli-on-k8s/dist/k8s-dev

andreaTP avatar Aug 10 '22 07:08 andreaTP