Open VivianBass opened 2 years ago
Possible solution: change role names in keycloak for each instance.
Instance 1 is open, I log in to instance 2, return to instance 1 and try to log in. If I click the button "Sign in with zendro" I can log in. This will be very unlikely to happen in the normal workflow because a user doesn't make these changes of interface when trying to log in:

[next-auth][error][JWT_SESSION_ERROR]
https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
message: 'decryption operation failed',
stack: 'JWEDecryptionFailed: decryption operation failed\n' +
' at gcmDecrypt (/usr/single-page-app/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' +
' at decrypt (/usr/single-page-app/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' +
' at flattenedDecrypt (/usr/single-page-app/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:119:52)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
' at async compactDecrypt (/usr/single-page-app/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' +
' at async jwtDecrypt (/usr/single-page-app/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' +
' at async Object.decode (/usr/single-page-app/node_modules/next-auth/jwt/index.js:64:7)\n' +
' at async Object.session (/usr/single-page-app/node_modules/next-auth/core/routes/session.js:41:28)\n' +
' at async NextAuthHandler (/usr/single-page-app/node_modules/next-auth/core/index.js:96:27)\n' +
' at async NextAuthNextHandler (/usr/single-page-app/node_modules/next-auth/next/index.js:21:19)\n' +
' at async /usr/single-page-app/node_modules/next-auth/next/index.js:57:32\n' +
' at async Object.apiResolver (/usr/single-page-app/node_modules/next/dist/server/api-utils/node.js:184:9)\n' +
' at async NextNodeServer.runApi (/usr/single-page-app/node_modules/next/dist/server/next-server.js:397:9)\n' +
' at async Object.fn (/usr/single-page-app/node_modules/next/dist/server/base-server.js:473:37)\n' +
' at async Router.execute (/usr/single-page-app/node_modules/next/dist/server/router.js:233:32)\n' +
' at async NextNodeServer.run (/usr/single-page-app/node_modules/next/dist/server/base-server.js:583:29)',
name: 'JWEDecryptionFailed'
}
[next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error checks.state argument is missing {
error: {
message: 'checks.state argument is missing',
stack: 'TypeError: checks.state argument is missing\n' +
' at Client.callback (/usr/single-page-app/node_modules/openid-client/lib/client.js:385:13)\n' +
' at oAuthCallback (/usr/single-page-app/node_modules/next-auth/core/lib/oauth/callback.js:112:29)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
' at async Object.callback (/usr/single-page-app/node_modules/next-auth/core/routes/callback.js:50:11)\n' +
' at async NextAuthHandler (/usr/single-page-app/node_modules/next-auth/core/index.js:139:28)\n' +
' at async NextAuthNextHandler (/usr/single-page-app/node_modules/next-auth/next/index.js:21:19)\n' +
' at async /usr/single-page-app/node_modules/next-auth/next/index.js:57:32\n' +
' at async Object.apiResolver (/usr/single-page-app/node_modules/next/dist/server/api-utils/node.js:184:9)\n' +
' at async NextNodeServer.runApi (/usr/single-page-app/node_modules/next/dist/server/next-server.js:397:9)\n' +
' at async Object.fn (/usr/single-page-app/node_modules/next/dist/server/base-server.js:473:37)\n' +
' at async Router.execute (/usr/single-page-app/node_modules/next/dist/server/router.js:233:32)\n' +
' at async NextNodeServer.run (/usr/single-page-app/node_modules/next/dist/server/base-server.js:583:29)\n' +
' at async NextNodeServer.handleRequest (/usr/single-page-app/node_modules/next/dist/server/base-server.js:298:20)',
name: 'TypeError'
},
providerId: 'zendro',
message: 'checks.state argument is missing'
}
[next-auth][error][CALLBACK_OAUTH_ERROR]
https://next-auth.js.org/errors#callback_oauth_error checks.state argument is missing TypeError: checks.state argument is missing
at Client.callback (/usr/single-page-app/node_modules/openid-client/lib/client.js:385:13)
at oAuthCallback (/usr/single-page-app/node_modules/next-auth/core/lib/oauth/callback.js:112:29)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async Object.callback (/usr/single-page-app/node_modules/next-auth/core/routes/callback.js:50:11)
at async NextAuthHandler (/usr/single-page-app/node_modules/next-auth/core/index.js:139:28)
at async NextAuthNextHandler (/usr/single-page-app/node_modules/next-auth/next/index.js:21:19)
at async /usr/single-page-app/node_modules/next-auth/next/index.js:57:32
at async Object.apiResolver (/usr/single-page-app/node_modules/next/dist/server/api-utils/node.js:184:9)
at async NextNodeServer.runApi (/usr/single-page-app/node_modules/next/dist/server/next-server.js:397:9)
at async Object.fn (/usr/single-page-app/node_modules/next/dist/server/base-server.js:473:37)
at async Router.execute (/usr/single-page-app/node_modules/next/dist/server/router.js:233:32)
at async NextNodeServer.run (/usr/single-page-app/node_modules/next/dist/server/base-server.js:583:29)
at async NextNodeServer.handleRequest (/usr/single-page-app/node_modules/next/dist/server/base-server.js:298:20) {
name: 'OAuthCallbackError',
code: undefined
}
In SIAgro we have 7 different Zendro instances for each project and we need to have users and roles defined for each of them.
Ideally, if a user has a username USER and has access to different instances, we wish to have the same username with different roles in each instance, e.g. in instance_1 it could have editor permissions and in instance_2 it could have read permissions only.

For now, if a single keycloak service is created to manage everything in the same place, we can automatically log in to all instances without asking for credentials again in the other instances (unexpected behavior because not all users will have access to all instances).
On the other hand, if we create independent keycloak services for each instance, it does ask for credentials, but in both cases (1. same keycloak service and 2. different keycloak services), if we have the same username in the instances, the following error sometimes appears:
Error: connect ECONNREFUSED 10.5.0.11.4000
What we need is to be able to have the same username in different instances so a user doesn't have to remember 4, 5 or 6 different usernames.
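The JWT_SESSION_ERROR in the log above is what next-auth emits when jose cannot decrypt the session cookie. One scenario consistent with the report is two Zendro instances served from the same hostname on different ports: browsers scope cookies by host and path, never by port (RFC 6265 section 8.5), so both apps read and write the same `next-auth.session-token` cookie, and whichever instance logged in last leaves behind a cookie encrypted under its own NEXTAUTH_SECRET that the other instance cannot decrypt. The following is an added example, not Zendro's or next-auth's code. The key derivation is an approximation of next-auth v4's scheme (HKDF-SHA256 with next-auth's info string, direct A256GCM); the hostname `zendro.example`, the secrets and the cookie names are constructed for the demo.

```javascript
// Added example (not Zendro's or next-auth's code): why instance 1 cannot read a session
// cookie written by instance 2 when both share one browser cookie jar on the same host.
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const unb64u = (s) => Buffer.from(s, 'base64url');

// HKDF-SHA256 over NEXTAUTH_SECRET. The info string is the one next-auth v4 uses;
// treating the rest of the parameters as identical to next-auth is an assumption.
function deriveKey(secret) {
  return Buffer.from(
    crypto.hkdfSync('sha256', secret, '', 'NextAuth.js Generated Encryption Key', 32)
  );
}

// Compact JWE with alg "dir" and enc "A256GCM": header.<empty key>.iv.ciphertext.tag,
// with the base64url header as additional authenticated data.
function encryptSession(secret, claims) {
  const header = b64u(JSON.stringify({ alg: 'dir', enc: 'A256GCM' }));
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(secret), iv);
  cipher.setAAD(Buffer.from(header, 'ascii'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), 'utf8'), cipher.final()]);
  return [header, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

// Throws when the GCM tag does not verify, i.e. the cookie was sealed under another secret.
function decryptSession(secret, token) {
  const [header, , iv, ct, tag] = token.split('.');
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(secret), unb64u(iv));
  decipher.setAAD(Buffer.from(header, 'ascii'));
  decipher.setAuthTag(unb64u(tag));
  const pt = Buffer.concat([decipher.update(unb64u(ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Minimal browser cookie jar: keyed by host and cookie name only, exactly like a
// real browser, so "http://zendro.example:3001" and ":3002" share every cookie.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(host, name, value) { this.store.set(`${host}|${name}`, value); }
  get(host, name) { return this.store.get(`${host}|${name}`); }
}

// What an instance sees when it tries to restore the session from the jar.
function readSession(secret, jar, host, cookieName) {
  const token = jar.get(host, cookieName);
  if (!token) return { error: 'no session cookie' };
  try {
    return { session: decryptSession(secret, token) };
  } catch (e) {
    // jose reports this as "decryption operation failed" (JWEDecryptionFailed).
    return { error: 'decryption operation failed' };
  }
}

// Log in to instance 1, then instance 2, then return to instance 1 (the sequence
// from the report). cookieNames[i] is the session cookie name each instance uses.
function simulate(cookieNames) {
  const jar = new CookieJar();
  const host = 'zendro.example'; // constructed: both instances behind one hostname
  const inst1 = { secret: 'constructed-secret-instance-1', cookie: cookieNames[0] };
  const inst2 = { secret: 'constructed-secret-instance-2', cookie: cookieNames[1] };
  jar.set(host, inst1.cookie, encryptSession(inst1.secret, { sub: 'USER', role: 'editor' }));
  jar.set(host, inst2.cookie, encryptSession(inst2.secret, { sub: 'USER', role: 'reader' }));
  return readSession(inst1.secret, jar, host, inst1.cookie);
}

// Default next-auth cookie name on both instances: instance 2 overwrote instance 1's cookie.
// -> { error: 'decryption operation failed' }
const collision = simulate(['next-auth.session-token', 'next-auth.session-token']);
// Per-instance cookie names: each instance only ever sees a cookie it sealed itself.
// -> { session: { sub: 'USER', role: 'editor' } }
const isolated = simulate(['inst1.session-token', 'inst2.session-token']);
```

The practical fix this demonstrates is to give every instance its own cookie names (next-auth's `cookies` option lets you rename `sessionToken`, `state`, `csrfToken` and the rest) or to serve each instance from its own hostname. The `checks.state argument is missing` error in the same log is plausibly the same collision hitting the `next-auth.state` cookie mid-OAuth-flow, since the state cookie is subject to the same host-only scoping; the page does not confirm that, so treat it as a hypothesis to verify by inspecting the Set-Cookie headers of both instances.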
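The "possible solution" at the top of the thread (role names per instance in Keycloak) maps onto Keycloak client roles: if every Zendro instance is registered as its own Keycloak client, a single user can hold `editor` on one client and `reader` on another, and the token Keycloak issues lists them under `resource_access.<client-id>.roles`. The block below is an added example, not Zendro's code, showing how an instance would derive its own effective role from such a token and refuse a user who has a Keycloak session but no role on this instance (the "logged in everywhere" behaviour the report calls unexpected). The client ids `zendro-instance-1` etc., the role names and the sample claims are constructed; the example assumes the claims were already signature-verified against the realm's JWKS before they reach this code.

```javascript
// Added example (not Zendro's code): per-instance authorization from Keycloak client roles.
// Assumes each Zendro instance is its own Keycloak client and that `claims` is the
// already-verified payload of the Keycloak access token.

// Role precedence for this demo, highest first (assumed names).
const ROLE_ORDER = ['administrator', 'editor', 'reader'];

// Client roles live under resource_access.<clientId>.roles. Realm roles
// (realm_access.roles) apply to every client and are deliberately ignored here:
// a realm-wide role is exactly what grants the same access on all instances.
function rolesForInstance(claims, clientId) {
  const access = claims.resource_access && claims.resource_access[clientId];
  return access && Array.isArray(access.roles) ? access.roles : [];
}

// Highest-precedence role the user holds on this instance, or null if none.
function effectiveRole(claims, clientId) {
  const held = new Set(rolesForInstance(claims, clientId));
  return ROLE_ORDER.find((r) => held.has(r)) || null;
}

// Decision a sign-in callback should make: an SSO session alone is not enough,
// the user must hold at least one role on THIS instance's client.
function authorize(claims, clientId) {
  const role = effectiveRole(claims, clientId);
  if (role === null) {
    return {
      allow: false,
      reason: `user "${claims.preferred_username}" has no role on client ${clientId}`,
    };
  }
  return { allow: true, user: claims.preferred_username, role };
}

// Constructed claims for one username USER: editor on instance 1, reader on
// instance 2, no role at all on instance 3.
const sampleClaims = {
  sub: 'constructed-subject-id',
  preferred_username: 'USER',
  realm_access: { roles: ['default-roles-siagro'] },
  resource_access: {
    'zendro-instance-1': { roles: ['editor'] },
    'zendro-instance-2': { roles: ['reader'] },
  },
};

// Same token, three instances, three different outcomes:
//   zendro-instance-1 -> { allow: true,  user: 'USER', role: 'editor' }
//   zendro-instance-2 -> { allow: true,  user: 'USER', role: 'reader' }
//   zendro-instance-3 -> { allow: false, reason: '...no role on client zendro-instance-3' }
const decisions = Object.fromEntries(
  ['zendro-instance-1', 'zendro-instance-2', 'zendro-instance-3'].map((id) => [
    id,
    authorize(sampleClaims, id),
  ])
);
```

With this layout the username stays the same everywhere (one Keycloak account, one password), while each instance decides from its own client's roles whether the user may enter at all and with which permissions. Keycloak only includes client roles for a client in the token if the client's scope mappings allow it, so check the token contents in the Keycloak admin console's client evaluation tab when a role that was assigned does not show up.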