code-specialist / fastapi-keycloak

Keycloak integration for Python FastAPI
https://fastapi-keycloak.code-specialist.com/
Apache License 2.0

run locally #39

Closed bwithai closed 2 years ago

bwithai commented 2 years ago

I want to use this example locally without Docker https://fastapi-keycloak.code-specialist.com/full_example/ but it gives me this error message at line 7.

And please specify that fastapi_keycloak will work for the new Keycloak version 17.

The error message is

```
(venv) (base) sana@sana:/office/My Projects/keycloak_implementation$ uvicorn main:app --reload --port 8001
INFO: Will watch for changes in these directories: ['/office/My Projects/keycloak_implementation']
INFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)
INFO: Started reloader process [18160] using watchgod
Process SpawnProcess-1:
Traceback (most recent call last):
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 60, in run
    return asyncio.run(self.serve(sockets=sockets))
  File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1501, in uvloop.loop.Loop.run_until_complete
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 67, in serve
    config.load()
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/config.py", line 458, in load
    self.loaded_app = import_from_string(self.app)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/importer.py", line 21, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 848, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/office/My Projects/keycloak_implementation/./main.py", line 7, in <module>
    idp = FastAPIKeycloak(
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 129, in __init__
    self._get_admin_token()  # Requests an admin access token on startup
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 288, in _get_admin_token
    response = requests.post(url=self.token_uri, headers=headers, data=data)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 117, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 515, in request
    prep = self.prepare_request(req)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 443, in prepare_request
    p.prepare(
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 318, in prepare
    self.prepare_url(url, params)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 392, in prepare_url
    raise MissingSchema(error)
requests.exceptions.MissingSchema: Invalid URL 'None': No scheme supplied. Perhaps you meant http://None?
```

yannicschroeer commented 2 years ago

Hi @bwithai,

It seems like the token_endpoint is missing in your OIDC config. Could you please paste the content of your Keycloak's OIDC config (/auth/realms/[REALM]/.well-known/openid-configuration) for confirmation?

As for your question regarding Keycloak v17, there are no known issues with v17 yet. We didn't fully test it though.

xXx-caillou-xXx commented 2 years ago

Hi,

I'm running Keycloak in Docker using version quay.io/keycloak/keycloak:17.0.1 and the openid-configuration endpoint is at /realms/[REALM]/.well-known/openid-configuration, so it just can't work when set up as in the example in the doc (in which the server_url contains /auth).

Also, a good feature would be to be able to disable the admin part of the module and just use the user part.

bwithai commented 2 years ago

@yannicschroeer thanks for your fast reply. Here is the OIDC config; token_endpoint does appear.

How to fix this?

```json
{
  "issuer": "http://localhost:8080/auth/realms/myrealm",
  "authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token",
  "introspection_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/userinfo",
  "end_session_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/logout",
  "frontchannel_logout_session_supported": true,
  "frontchannel_logout_supported": true,
  "jwks_uri": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/certs",
  "check_session_iframe": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/login-status-iframe.html",
  "grant_types_supported": [ "authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "urn:openid:params:grant-type:ciba" ],
  "response_types_supported": [ "code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token" ],
  "subject_types_supported": [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ],
  "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ],
  "id_token_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
  "userinfo_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ],
  "request_object_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ],
  "request_object_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ],
  "request_object_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
  "response_modes_supported": [ "query", "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt" ],
  "registration_endpoint": "http://localhost:8080/auth/realms/myrealm/clients-registrations/openid-connect",
  "token_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ],
  "token_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ],
  "introspection_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ],
  "introspection_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ],
  "authorization_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ],
  "authorization_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ],
  "authorization_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ],
  "claims_supported": [ "aud", "sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email", "acr" ],
  "claim_types_supported": [ "normal" ],
  "claims_parameter_supported": true,
  "scopes_supported": [ "openid", "roles", "offline_access", "email", "phone", "profile", "address", "web-origins", "microprofile-jwt" ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "code_challenge_methods_supported": [ "plain", "S256" ],
  "tls_client_certificate_bound_access_tokens": true,
  "revocation_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/revoke",
  "revocation_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ],
  "revocation_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ],
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "device_authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth/device",
  "backchannel_token_delivery_modes_supported": [ "poll", "ping" ],
  "backchannel_authentication_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/ciba/auth",
  "backchannel_authentication_request_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "ES256", "RS256", "ES512", "PS256", "PS512", "RS512" ],
  "require_pushed_authorization_requests": false,
  "pushed_authorization_request_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/par/request",
  "mtls_endpoint_aliases": {
    "token_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token",
    "revocation_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/revoke",
    "introspection_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token/introspect",
    "device_authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth/device",
    "registration_endpoint": "http://localhost:8080/auth/realms/myrealm/clients-registrations/openid-connect",
    "userinfo_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/userinfo",
    "pushed_authorization_request_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/par/request",
    "backchannel_authentication_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/ciba/auth"
  }
}
```

yannicschroeer commented 2 years ago

Okay, so with these facts in mind, for now I don't think we can support Keycloak v17 with little effort without losing the backward compatibility. I have to suggest using Keycloak v16 for now.

bwithai commented 2 years ago

It's v16, but the token_endpoint error still appears.

Please give me some clue if you know how to deal with it.

yannicschroeer commented 2 years ago

I can't figure out your problem with this information. But I would assume you're having a Keycloak issue, not an issue with our package; we can't support you with Keycloak.
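The `MissingSchema: Invalid URL 'None'` failure and the two discovery paths mentioned in this thread (`/auth/realms/...` and `/realms/...`) suggest a startup preflight that resolves the discovery document and fails with a clear message before any endpoint is used. The sketch below is an added example, not code from this thread or from fastapi-keycloak; `load_oidc_config`, `candidate_urls`, the injected `fetch` callable and `fake_server` are hypothetical names, and the server responses are constructed.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


class DiscoveryError(RuntimeError):
    """Raised at startup instead of letting a None endpoint reach requests.post()."""


def candidate_urls(server_url, realm):
    """Discovery URLs to try: the configured base first, then its /auth variant."""
    base = server_url.rstrip("/")
    other = base[: -len("/auth")] if base.endswith("/auth") else base + "/auth"
    return [f"{b}/realms/{realm}{WELL_KNOWN}" for b in (base, other)]


def load_oidc_config(server_url, realm, fetch):
    """fetch(url) -> (status, body) is injected so the check can run offline."""
    tried = []
    for url in candidate_urls(server_url, realm):
        status, body = fetch(url)
        if status != 200:
            tried.append(f"{url} -> HTTP {status}")
            continue
        try:
            config = dict(json.loads(body))
        except (ValueError, TypeError):
            tried.append(f"{url} -> not a JSON object")
            continue
        missing = [k for k in REQUIRED if not config.get(k)]
        if missing:
            raise DiscoveryError(f"{url} is missing {missing}")
        # OIDC Discovery: the issuer must equal the URL the document was fetched from.
        if config["issuer"].rstrip("/") != url[: -len(WELL_KNOWN)]:
            raise DiscoveryError(f"issuer {config['issuer']!r} does not match {url}")
        return config
    raise DiscoveryError("no discovery document found: " + "; ".join(tried))


def fake_server(prefix, realm="myrealm", drop=()):
    """Constructed stand-in for a Keycloak serving one realm under `prefix`."""
    issuer = f"http://localhost:8080{prefix}/realms/{realm}"
    doc = {"issuer": issuer, "jwks_uri": issuer + "/protocol/openid-connect/certs",
           "authorization_endpoint": issuer + "/protocol/openid-connect/auth",
           "token_endpoint": issuer + "/protocol/openid-connect/token"}
    doc = {k: v for k, v in doc.items() if k not in drop}
    return lambda url: (200, json.dumps(doc)) if url == issuer + WELL_KNOWN else (404, "")
```

Behind a reverse proxy the issuer may be the public hostname rather than the URL the backend fetched from; in that case compare against the configured public base URL instead.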