Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License

500 Error on custom authentication callback (keycloak) #920

Open RomanPanaget opened 2 years ago

RomanPanaget commented 2 years ago

Describe the bug

Error HTTP 500 on Custom authentication (Keycloak) callback. No logs provided by Azure Static Webapp.

The /auth call passes and redirects to the callback but then I have a timeout and a 500 error.

staticwebapp.config.json

{
  "routes": [
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    }
  ],
  "navigationFallback": {
    "rewrite": "/index.html"
  },
  "responseOverrides": {
    "401": {
      "redirect": "/.auth/login/keycloak",
      "statusCode": 302
    }
  },
  "auth": {
    "identityProviders": {
      "customOpenIdConnectProviders": {
        "keycloak": {
          "registration": {
            "clientIdSettingName": "CLIENT_ID",
            "clientCredential": {
              "clientSecretSettingName": "CLIENT_SECRET"
            },
            "openIdConnectConfiguration": {
              "wellKnownOpenIdConfiguration": "https://keycloakinstance.com/auth/realms/myrealm/.well-known/openid-configuration"
            }
          },
          "login": {
            "nameClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            "scopes": ["openid", "offline_access", "email"],
            "loginParameterNames": []
          }
        }
      }
    }
  }
}

@mkarmark or someone from Azure, would you mind checking on your end what's happening? It is so annoying to not have any logs of what is happening with authentication... I can DM you the static webapp URL, don't want to put it here publicly

mkarmark commented 2 years ago

Hi, the 500s appear to be due to an invalid token endpoint configured on your app. Can you confirm that it is in fact valid?

RomanPanaget commented 2 years ago

Hi @mkarmark, the token endpoint is taken from my well known so I guess it's correct
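
Since the service gives no logs for the callback, the discovery document that `wellKnownOpenIdConfiguration` points at can be checked offline. The following is an added example, not part of this thread and not Static Web Apps code. `check_discovery`, `host_is_internal` and the sample documents are constructed for illustration, and the rules applied (issuer matches the well-known URL, endpoints are absolute HTTPS URLs on non-internal hosts) are assumptions about what makes an advertised endpoint unusable from a hosted service, not the confirmed cause in this issue.

```python
import ipaddress
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def host_is_internal(host):
    """True for loopback/private IP literals, localhost and single-label names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return host == "localhost" or "." not in host


def check_discovery(well_known_url, doc):
    """Return a list of problems in an OIDC discovery document (empty = none found)."""
    if not well_known_url.endswith(SUFFIX):
        return [f"well-known URL must end with {SUFFIX}"]
    problems = []
    # OIDC Discovery: issuer must equal the URL the document was fetched under.
    expected_issuer = well_known_url[: -len(SUFFIX)]
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key} is not an absolute https URL: {value}")
        elif host_is_internal(parts.hostname):
            problems.append(f"{key} points at an internal host: {value}")
    return problems


# Constructed sample documents (not taken from the issue).
BASE = "https://keycloakinstance.com/auth/realms/myrealm"
GOOD = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
}
# Same document, but the token endpoint is advertised on an internal address.
BAD = dict(GOOD, token_endpoint="http://10.0.0.5:8080/auth/realms/myrealm/protocol/openid-connect/token")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(BASE + SUFFIX, doc) or "no problems found")
```

To use it on a real realm, load the JSON returned by the well-known URL and pass it as `doc` together with the exact URL from `staticwebapp.config.json`.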