Open ozSoleil opened 2 years ago
I don't know much about KeyCloak. In your providers.json, it looks like you're writing your own strategy, "module": "/usr/src/app/server/boot/oidcCompatibleStrategy", but I don't see evidence of that in the stack trace, so maybe it's not getting invoked?
Edit: I see that this module is there because of #614 now.
The error message makes me think that passport code is looking for an access_token in the URL that it gets in a redirect from KeyCloak and it's not there. Your image shows part of the URL, but not the full URL.
Looking at scicat/backend/node_modules/passport-openidconnect/lib/strategy.js, I think this is the case.
@ozSoleil it seems like you're using an older version of the Backend if everything is mounted in /usr/src/app instead of /home/node/app. I'm trying to get Keycloak Auth working, too, and I get a little further. For me it seems like the authentication succeeded and all the information is populated in the user but then I still get an Authorization Required Error.
Issue Name
Can't connect using Keycloak OIDC
Summary
Hi everyone, @nitrosx I am trying to set up scicat for use at Soleil with KeycloakOIDC login enabled but I get an error after the authentication part.
Steps to Reproduce
Current Behaviour
I don't get correctly redirected and instead got a 500 error message in the browser. When I look into my backend container I get this error:
Expected Behaviour
Authentication succeeded and redirected to user page
Extra Details
Providers.json:

    "keycloak": {
      "provider": "oidc",
      "authScheme": "openid connect",
      "module": "/usr/src/app/server/boot/oidcCompatibleStrategy",
      "authPath": "/auth/keycloak",
      "successRedirect": "https://catanie-test.synchrotron-soleil.fr/user",
      "failureRedirect": "https://catanie-test.synchrotron-soleil.fr/login",
      "failureFlash": true,
      "session": false,
      "issuer": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat",
      "authorizationURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/auth",
      "tokenURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/token",
      "userInfoURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/userinfo",
      "clientID": "xxxxxxxxxxxxxx",
      "clientSecret": "xxxxxxxxxxxxxx",
      "callbackURL": "https://catamel-test.synchrotron-soleil.fr/auth/keycloak/callback",
      "proxy": "http://195.221.0.34:8080",
      "scope": ["email", "profile", "openid"]
    }

I think it's linked to the configuration linked to the keycloak realm that I'm using
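
An added example, not part of the original issue or of the SciCat code base: a consistency check for an OIDC entry shaped like the providers.json above, which can be run before debugging the callback itself. The helper name `lintOidcProvider`, the `example.test` hosts and the two layout rules (endpoints sit beneath the issuer URL, callback path sits beneath `authPath`) are assumptions modelled on the posted configuration.

```javascript
// Constructed sample entry; hosts under example.test are placeholders.
const sample = {
  provider: "oidc",
  authPath: "/auth/keycloak",
  issuer: "https://idp.example.test/auth/realms/scicat",
  authorizationURL: "https://idp.example.test/auth/realms/scicat/protocol/openid-connect/auth",
  tokenURL: "https://idp.example.test/auth/realms/scicat/protocol/openid-connect/token",
  userInfoURL: "https://idp.example.test/auth/realms/scicat/protocol/openid-connect/userinfo",
  callbackURL: "https://backend.example.test/auth/keycloak/callback",
  scope: ["email", "profile", "openid"],
};

// Hypothetical helper: returns a list of findings, empty when the entry is consistent.
function lintOidcProvider(cfg) {
  const findings = [];
  const endpoints = ["authorizationURL", "tokenURL", "userInfoURL"];
  let issuer;
  try { issuer = new URL(cfg.issuer); } catch { return ["issuer is not a valid URL"]; }
  const issuerPrefix = issuer.href.replace(/\/+$/, "") + "/";
  for (const key of [...endpoints, "callbackURL"]) {
    let u;
    try { u = new URL(cfg[key]); } catch {
      findings.push(`${key} is missing or not a valid URL`);
      continue;
    }
    // Codes, tokens and client secrets travel over these URLs.
    if (u.protocol !== "https:") findings.push(`${key} is not https`);
    // Assumption: the realm's endpoints live beneath the issuer URL, as in the posted config.
    if (endpoints.includes(key) && !u.href.startsWith(issuerPrefix)) {
      findings.push(`${key} is not under the issuer`);
    }
    // Assumption: the callback route is mounted beneath authPath, as in the posted config.
    if (key === "callbackURL" && !u.pathname.startsWith(cfg.authPath + "/")) {
      findings.push("callbackURL path is not under authPath");
    }
  }
  // OIDC requests must carry the "openid" scope.
  if (!Array.isArray(cfg.scope) || !cfg.scope.includes("openid")) {
    findings.push('scope lacks "openid"');
  }
  return findings;
}
```
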