I'm trying to access protected by Keycloak url - /hello in the browser.
The url is served by the node.js app
This error is thrown by the following code:
after the following sequence of actions:
1) adding client and user to keycloak to KeyCloak master realm
2) protecting express node.js app's url:
var Keycloak = require('keycloak-connect');
let kcConfig = {
clientId: 'test_ui',
// secret : "d31c4718-12e9-407b-9bf2-cb72734a23f0",
public: true,
serverUrl: https://127.0.0.1/auth,
resource: "test_ui",
realm: 'master'
}
var session = require('express-session');
var memoryStore = new session.MemoryStore()
var keycloak = new Keycloak( {store : memoryStore}, kcConfig);
this.app.use(session({
secret: 'mySecret',
// resave: false,
// saveUninitialized: true,
store: memoryStore
}));
this.app.use( keycloak.middleware() );
this.app.get( '/hello', keycloak.protect());
3) accessing the protected url in the browser, being redirected to Keycloak login screen, authenticating... then ther error is popped.
The following sequence of requests is seen in the wireshark:
/auth/realms/master/protocol/openid-connect/auth?client_id=test_ui&state=504b250d-8616-4685-8c8d-5032713c883a&redirect_uri=https://127.0.0.1/hello/auth_callback&scope=openid&response_type=code
after the authentication in login screen:
/auth/realms/master/login-actions/authenticate?session_code=TwhsWxUig85PFHfiv-31OTHQl3aApD6z0lMdOr8hgDc&execution=d58a2cad-2be2-4797-b35a-d7b606945b14&client_id=test_ui&tab_id=ywQfz51qnM0
I thought about adding sslRequired: "none" to kcConfig, but doing
seems to have no effect.
Tried to use also confidential client instead of the public one to no avail.
package.json contents:
"express": "4.16.2",
"keycloak-connect" : "4.3.0",
"express-session" : "1.15.6"
Keycloak 4.3 is used.
What is the cause of the issue and how to fix this error?
Update
Added process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
to node.js app following response in Keycloak mailing list and now getting error:
Could not obtain grant code: 401:Unauthorized
