keycloak / keycloak-nodejs-connect

Apache License 2.0

Cannot load example protected resource #367

Open DurandA opened 2 years ago

DurandA commented 2 years ago

Describe the bug

After starting the Docker image and adding the realm via the import button and uploading nodejs-example-realm.json, I can log in but I cannot access the protected route and receive "Access Denied".

Version

Keycloak 17.0.1

Expected behavior

Result and Access Granted Event

Actual behavior

Access denied

How to Reproduce?

Add the realm via the import button, uploading nodejs-example-realm.json.

npm link ../
npm install
npm start

Open the browser at http://localhost:3000/ and log in with username: 'user', and password: 'password'.

Click the protected route.

Anything else?

This is a duplicate of #310 which was closed. However, I think the example configuration (nodejs-example-realm.json) should be adapted so it works without further configuration.

charlykno64 commented 2 years ago

Same here and tried a few things without success:

I can obtain an access_token in an iOS app and then when I send the request to the resource with the basic keycloak.protect() method the result is access denied.

Keycloak is running in Docker but node is running on the host machine.

ujwalparker commented 2 years ago

@charlykno64, @DurandA the realm creation needs a few additions for the permission to work.

The gist has the updates.

Added client roles:

    "client": {
      "nodejs-apiserver": [
        { "name": "user", "clientRole": true },
        { "name": "admin", "clientRole": true }
      ],
      "nodejs-connect": []
    }

Added policy to authorization:

    "policies": [
      {
        "name": "Default Policy",
        "description": "A policy that grants access only for users within this realm",
        "type": "role",
        "config": {
          "roles": "[{\"id\":\"user\",\"required\":false},{\"id\":\"nodejs-apiserver/admin\",\"required\":false},{\"id\":\"nodejs-apiserver/user\",\"required\":false},{\"id\":\"admin\",\"required\":false}]"
        }
      },
      {
        "name": "Default Permission",
        "description": "A permission that applies to the default resource type",
        "type": "resource",
        "config": {
          "resources": "[\"resource\"]",
          "applyPolicies": "[\"Default Policy\"]"
        }
      }
    ]

Added scope to authorization:

    "scopes": [
      { "name": "write" },
      { "name": "view" }
    ]
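
An added example, not part of the thread or of the project's code: a pre-import check that every role, policy and resource named in a client's authorization settings is actually defined in the realm file, which is the kind of gap the fragments above fill. The export layout (`roles.realm`, `roles.client`, `clients[].authorizationSettings`), the use of `nodejs-apiserver` as the client ID, the realm roles in the sample, and the names `checkRealmAuthz` and `sampleRealm` are assumptions.

```javascript
// Assumed layout: roles.realm[], roles.client{clientId: []}, clients[].authorizationSettings.
function checkRealmAuthz(realm, clientId) {
  const problems = [];
  const roles = realm.roles || {};
  const known = new Set((roles.realm || []).map((r) => r.name));
  for (const [cid, list] of Object.entries(roles.client || {})) {
    for (const r of list) known.add(`${cid}/${r.name}`); // client roles are referenced as clientId/role
  }
  const client = (realm.clients || []).find((c) => c.clientId === clientId);
  const authz = client && client.authorizationSettings;
  if (!authz) return [`client ${clientId} has no authorizationSettings`];
  const policyNames = new Set((authz.policies || []).map((p) => p.name));
  const resourceNames = new Set((authz.resources || []).map((r) => r.name));
  // The config values are JSON-encoded strings, as in the fragments above.
  const decode = (s) => (s ? JSON.parse(s) : []);
  for (const p of authz.policies || []) {
    const cfg = p.config || {};
    const refs = [
      ...decode(cfg.roles).map((r) => ['role', r.id, known]),
      ...decode(cfg.applyPolicies).map((n) => ['policy', n, policyNames]),
      ...decode(cfg.resources).map((n) => ['resource', n, resourceNames]),
    ];
    for (const [kind, id, set] of refs) {
      if (!set.has(id)) problems.push(`"${p.name}" references undefined ${kind} ${id}`);
    }
  }
  return problems;
}
// Constructed sample built from the fragments above; realm roles user/admin are assumed.
function sampleRealm(withClientRoles) {
  return {
    roles: {
      realm: [{ name: 'user' }, { name: 'admin' }],
      client: { 'nodejs-apiserver': withClientRoles ? [{ name: 'user' }, { name: 'admin' }] : [] },
    },
    clients: [{
      clientId: 'nodejs-apiserver',
      authorizationSettings: {
        resources: [{ name: 'resource' }],
        policies: [
          { name: 'Default Policy', type: 'role', config: { roles: '[{"id":"user"},{"id":"nodejs-apiserver/admin"},{"id":"nodejs-apiserver/user"},{"id":"admin"}]' } },
          { name: 'Default Permission', type: 'resource', config: { resources: '["resource"]', applyPolicies: '["Default Policy"]' } },
        ],
      },
    }],
  };
}
console.log(checkRealmAuthz(sampleRealm(false), 'nodejs-apiserver'));
```

An empty result means every reference resolves; it does not prove the policy grants access to a given user, only that the file is internally consistent.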