wtrocki
commented
2 years ago I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas
Open andreaTP opened 2 years ago
wtrocki
commented
2 years ago I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas
rkpattnaik780
commented
2 years ago I think we should go with additional flag to skip it as removing it can break stuffs.
I think we can remove auth. Problem is that we break others like kas installer. Adding additional flag to skip it sounds like hack. @rkpattnaik780 do you have some ideas
rkpattnaik780
commented
2 years ago Hi @andreaTP
I am getting a client not found error while trying to login with the CLI, in the browser.
andreaTP
commented
2 years ago @rkpattnaik780 sorry for the confusion, please use the version from the branch enable-cli-on-k8s, https://github.com/andreaTP/srs-fleet-manager/tree/enable-cli-on-k8s/dist/k8s-dev
Description
Version:
0.48.0rohas logincommand already works against new versions of Keycloak, but the token refresh fails because it injects/authinto the URL path (which is no anymore mandatory since Quarkus distribution).For example, after running a login like:
We receive the error:
Steps to reproduce
rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cliExpected vs actual behaviour
The CLI should respect the URL without injecting
/auth.Workaround
Is currently possible to workaround this issue by setting the retro-compatibility option:
KC_HTTP_RELATIVE_PATH: /authhttps://github.com/andreaTP/srs-fleet-manager/blob/b2fe84f373c33ff32f5ecf7b4f42b31fcc48b3fc/dist/k8s-dev/keycloak.yaml#L47-L48