Hi @bwithai,
It seems like the `token_endpoint` is missing in your OIDC config. Could you please paste the content of your Keycloak's OIDC config (`/auth/realms/[REALM]/.well-known/openid-configuration`) for confirmation?
As for your question regarding Keycloak v17, there are no known issues with v17 yet. We didn't fully test it though.
Hi,
I'm running Keycloak in Docker using the image `quay.io/keycloak/keycloak:17.0.1`, and the openid-configuration endpoint is at `/realms/[REALM]/.well-known/openid-configuration`, so it just can't work when set up as in the example in the docs (in which the `server_url` contains `/auth`).
Also, a good feature would be the ability to disable the admin part of the module and just use the user part.
@yannicschroeercschroe thanks for your fast reply. Here is the OIDC config; it does show the `token_endpoint`.
How do I fix this?
{ "issuer": "http://localhost:8080/auth/realms/myrealm", "authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth", "token_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token", "introspection_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token/introspect", "userinfo_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/userinfo", "end_session_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/logout", "frontchannel_logout_session_supported": true, "frontchannel_logout_supported": true, "jwks_uri": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/certs", "check_session_iframe": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/login-status-iframe.html", "grant_types_supported": [ "authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "urn:openid:params:grant-type:ciba" ], "response_types_supported": [ "code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token" ], "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "id_token_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "userinfo_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "request_object_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "request_object_encryption_alg_values_supported": [ 
"RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "request_object_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "response_modes_supported": [ "query", "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt" ], "registration_endpoint": "http://localhost:8080/auth/realms/myrealm/clients-registrations/openid-connect", "token_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "introspection_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "introspection_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "authorization_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "claims_supported": [ "aud", "sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email", "acr" ], "claim_types_supported": [ "normal" ], "claims_parameter_supported": true, "scopes_supported": [ "openid", "roles", "offline_access", "email", "phone", "profile", "address", "web-origins", "microprofile-jwt" ], "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": true, "code_challenge_methods_supported": [ "plain", "S256" ], "tls_client_certificate_bound_access_tokens": 
true, "revocation_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/revoke", "revocation_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "revocation_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "device_authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth/device", "backchannel_token_delivery_modes_supported": [ "poll", "ping" ], "backchannel_authentication_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/ciba/auth", "backchannel_authentication_request_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "ES256", "RS256", "ES512", "PS256", "PS512", "RS512" ], "require_pushed_authorization_requests": false, "pushed_authorization_request_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/par/request", "mtls_endpoint_aliases": { "token_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token", "revocation_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/revoke", "introspection_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token/introspect", "device_authorization_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/auth/device", "registration_endpoint": "http://localhost:8080/auth/realms/myrealm/clients-registrations/openid-connect", "userinfo_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/userinfo", "pushed_authorization_request_endpoint": "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/par/request", "backchannel_authentication_endpoint": 
"http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/ext/ciba/auth" } }
Okay, so with these facts in mind, I don't think we can currently support Keycloak v17 with little effort without losing backward compatibility. For now, I have to suggest using Keycloak v16.
It's v16, but the `token_endpoint` still gives this error.
Please give me some clue if you know how to deal with it.
I can't figure out your problem from this information. But I would assume you're having a Keycloak issue, not an issue with our package; we can't support you with Keycloak.
I want to use this example locally without Docker: https://fastapi-keycloak.code-specialist.com/full_example/ but it gives me this error message:
![error at line 7](https://user-images.githubusercontent.com/76056239/163342087-cd44b612-cf3a-48e7-92c8-537f06d6ff98.png)
and please specify that fastapi_keycloak will work for new keycloak version 17
The error message is
```text
(venv) (base) sana@sana:/office/My Projects/keycloak_implementation$ uvicorn main:app --reload --port 8001
INFO: Will watch for changes in these directories: ['/office/My Projects/keycloak_implementation']
INFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)
INFO: Started reloader process [18160] using watchgod
Process SpawnProcess-1:
Traceback (most recent call last):
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 60, in run
    return asyncio.run(self.serve(sockets=sockets))
  File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1501, in uvloop.loop.Loop.run_until_complete
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 67, in serve
    config.load()
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/config.py", line 458, in load
    self.loaded_app = import_from_string(self.app)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/importer.py", line 21, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 848, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/office/My Projects/keycloak_implementation/./main.py", line 7, in <module>
    idp = FastAPIKeycloak(
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 129, in __init__
    self._get_admin_token()  # Requests an admin access token on startup
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 288, in _get_admin_token
    response = requests.post(url=self.token_uri, headers=headers, data=data)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 117, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 515, in request
    prep = self.prepare_request(req)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 443, in prepare_request
    p.prepare(
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 318, in prepare
    self.prepare_url(url, params)
  File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 392, in prepare_url
    raise MissingSchema(error)
requests.exceptions.MissingSchema: Invalid URL 'None': No scheme supplied. Perhaps you meant http://None?
```