search

Denoder / nuxt-module-alternatives

Alternative modules to use while waiting for Nuxt 3 Compatibility
MIT License
144 stars 14 forks source link

Keycloak oauth2 standard flow gives 415 #94

Closed wagpa closed 2 years ago

wagpa commented 2 years ago

When using the following configuration, i get a HTTP 415.

keycloak: {
  scheme: 'oauth2',
  endpoints: {
    authorization: `${process.env.KEYCLOAK_HOST}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/auth`,
    token: `${process.env.KEYCLOAK_HOST}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
    userInfo: `${process.env.KEYCLOAK_HOST}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/userinfo`,
    logout: `${process.env.KEYCLOAK_HOST}/auth/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/logout`
  },
  token: {
    property: 'access_token',
    type: 'Bearer',
  },
  codeChallengeMethod: 'S256',
  scope: ['openid'],
  accessType: 'offline',
  responseType: 'code',
  clientId: process.env.KEYCLOAK_CLIENT_ID,
  grantType: 'authorization_code',
},
Access to fetch at 'https://xxx/auth/realms/xxx/protocol/openid-connect/token' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
POST https://xxx/auth/realms/xxx/protocol/openid-connect/token net::ERR_FAILED 415

I already checked, that localhost is a valid redirect url and web origin.

Similar to #89, but i already updated.

"nuxt": "3.0.0-rc.11"
"@nuxtjs-alt/auth": "^2.0.19",
"@nuxtjs-alt/http": "^1.3.15",
"@nuxtjs-alt/proxy": "^1.3.4",
"@pinia/nuxt": "^0.4.3",
maximilianmaihoefner commented 2 years ago

In #89 I was using the oidcSchema instead of the OAuth2 one, for me the openIDConnect Schema works with "@nuxtjs-alt/auth": "^2.0.20" and Keycloak 19.0.3. So you might want to try that instead as a workaround (it should just be replacing oauth2 with openIDConnect in your Auth Config). I'm not familiar with the OAuth2 Spec but it might be that it also requires to send the data to the token endpoint as application/x-www-form-urlencoded.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

wagpa commented 2 years ago

Thanks for the idea. For now, I had to switch to another lib that (more or less) works. As soon as i have the time, i will have another go at it.

Denoder commented 2 years ago

In #89 I was using the oidcSchema instead of the OAuth2 one, for me the openIDConnect Schema works with "@nuxtjs-alt/auth": "^2.0.20" and Keycloak 19.0.3. So you might want to try that instead as a workaround (it should just be replacing oauth2 with openIDConnect in your Auth Config). I'm not familiar with the OAuth2 Spec but it might be that it also requires to send the data to the token endpoint as application/x-www-form-urlencoded.

been looking at multiple api documentations regarding oauth2, and they all seem to use application/x-www-form-urlencoded when requesting an access token.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.