search

code-specialist / fastapi-keycloak

Keycloak integration for Python FastAPI
https://fastapi-keycloak.code-specialist.com/
Apache License 2.0
192 stars 49 forks source link

password -> tokenUrl none is not an allowed value #96

Closed arminus closed 1 year ago

arminus commented 1 year ago

I'm trying to set this up for a FastAPI which should authenticate against an existing Keycloak 17.0.1 server which I've customized according to https://fastapi-keycloak.code-specialist.com/keycloak_configuration/

FastAPI 0.95.0, fastapi-keycloak latest

During startup of the FastAPI server I get this stacktrace:

  File "/home/jovyan/app/main.py", line 93, in <module>
    def current_users(user: OIDCUser = Depends(idp.get_current_user())):
                                               ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/lib/python3.11/site-packages/fastapi_keycloak/api.py", line 244, in get_current_user
    token: OAuth2PasswordBearer = Depends(self.user_auth_scheme),
                                          ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/lib/python3.11/functools.py", line 1001, in __get__
    val = self.func(instance)
          ^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/lib/python3.11/site-packages/fastapi_keycloak/api.py", line 223, in user_auth_scheme
    return OAuth2PasswordBearer(tokenUrl=self.token_uri)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/conda/lib/python3.11/site-packages/fastapi/security/oauth2.py", line 151, in __init__
    flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for OAuthFlows
password -> tokenUrl
  none is not an allowed value (type=type_error.none.not_allowed)

server_url is set to https://<server>:8443/realms/<realm>/protocol/openid-connect/auth

I see no option to configure the tokenUrl, with our keycloak server we configure as https://<server>:8443/realms/<realm>/protocol/openid-connect/token for other clients.

(I've also used the suggestion in #60 to avoid issues with the admin_cli which I don't need in that FastAPI server)

yannicschroeer commented 1 year ago

Hey @arminus unfortunately we abandoned developing this when the Keycloak API stability got worse and worse. The time we stopped has been with v15, so I can only confirm this package is working with v15. Your issue is most likely related to another breaking change.

yannicschroeer commented 1 year ago

We're open to Pull Requests, if you want to provide one.

arminus commented 1 year ago

Ok, thanks for the quick response. We'll have a look into the code then.

arminus commented 1 year ago

Actually, the suggestion in https://github.com/code-specialist/fastapi-keycloak/issues/40#issuecomment-1189885336 gets me past that issue so I'll close this.