Keycloak Bearer only nodejs adapter returns 403

Question

i'm running keycloak 15.0.2 together with a react application and a node-js backend service in kubernetes.

I have 2 clients, one is public (react-frontend) and the other one is bearer-only (service-backend), nothing fancy.

Now i'm logging in and getting the token:

Then I'm Requesting a resource from the backend via GET Method:

export const apiSlice = createApi({
  
  reducerPath: 'api',
  baseQuery: fetchBaseQuery({
    baseUrl: "https://example.com/api",
    prepareHeaders(headers){
      headers.set('Accept', 'application/x-www-form-urlencoded');
      headers.set('Authorization', 'bearer ' + keycloak.token)
      return headers;
    }
  }),
  endpoints(builder){
    return{
      fetchListings: builder.query({
        query: () => '/listings/'
      }),
...

Backend-Client-Install json

{
  "realm": "MyRealm",
  "bearer-only": true,
  "auth-server-url": "https://auth.example.com/auth/",
  "ssl-required": "external",
  "resource": "listings-backend",
  "verify-token-audience": true,
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

I always get a 403 access denied answer. Same with Postman.

If i remove keycloak.protect() everything works fine.

score 0 · Answer 1 · answered Nov 19 '21 at 17:15

0

Ok guys, now after struggling some days with this problem, the whole time the roles in the front-end client resulted in the 403 access denied error.

After deleting all roles, it worked.

answered Nov 19 '21 at 17:15

Memo

21
2

Keycloak Bearer only nodejs adapter returns 403

1 Answers1