Closed g4laura closed 1 year ago
Thanks for the report @g4laura. Can you please provide the complete request you are making, and how it is configured? Also, do you see any errors in the logs?
Thank you for the quick reply.
My request is a POST request in the form of
{{keycloakUrl}}/realms/{{realmName}}/magic-link
{
"username": "{{username}}",
"client_id": "{{clientId}}",
"redirect_uri":"{{redirectUri}}"
}
where keycloak url is the url of my deployed keycloak hostname which runs on AWS ECS with Fargate, Aurora Servers mySQL compatible database, and an application load balancer. And a bearer token with a client access token (with the appropriate service account permissions)
It works when I run it locally and it worked remotely up until last night, when the endpoint started returning 403 errors. It seems that request is forbidden before it can reach the endpoint, because it isn't returning 401 as it does if a POST request is made with an invalid access token.
Since it is working locally, and not on your server, can you check that your service account on your remote still has manage-users
? The only case in which this method will return a 403 is if that permission is not present for the user in the token.
https://github.com/p2-inc/keycloak-magic-link/blob/main/src/main/java/io/phasetwo/keycloak/magic/resources/MagicLinkResource.java#L30
Also, if you can post the full request and response (e.g. using something like a curl -vv
) that might help determine if it is the keycloak extension, or something in front of it that is blocking the request.
Oh thank you! It was something if front of the request, there is a WAF that blocked access, it was allowing requests yesterday but it started blocking. Thank you for responding, apologies, the error was on my end.
I had magic link configured and working correctly, but now the entire endpoint is returning a 403. I had this happen before when I changed a keycloak hostname, but this time I did not.