v-ladynev / keycloak-nodejs-example

A simple step-by-step Keycloak, MySQL and Node.js integration tutorial. There are some Docker examples as well.
294 stars 103 forks

Custom Login #1

Open ullakhan opened 7 years ago

ullakhan commented 7 years ago

I have uploaded the shared json file to the Keycloak server for the CAMPAIGN_REALM and

I am able to log in to the server with the normal login, which redirects to the Keycloak Login Page.

I have a problem while logging in to the server with Custom Login for the username: admin_user and password: admin_user.

The error below is what I am getting at the server side.

http://localhost:8080/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/certs
{ keys: [ { kid: 'FBfZzrTszXORm6TnVB05RWnV6OpnZYb2aX8kJFr_ZpM', kty: 'RSA', alg: 'RS256', use: 'sig', n: 'yUO8jLzyWVbW906qQN7DcQmWqnSTstpjJ-VQivC_Yilk1EH-EMj79iOqdMlSaa_T2zO1bZKbjfKBaM28ICT9VzPBRSde0GKQlucxrKdLmESHSJYlHnaPw49YYCBehUvY07wmw2naETXRz-1LbG_iyANCnZkSID8JCL0roBWHhlL5u5WMAnApWLQO2JSl1UcYYr5Souqq0yBytt6HtTpDq4BakPMLq9au8FlniZ-4XAIVZGK6pXc7XZTBJEeU_fLio4IQGt3VpJVhI8RIekXeHrmN-W-DNi1J2n4NMSrY7DqoRvyDQcBkxVZnnhZkhTBiaGFZFqhTZVVqAth4yW8uow', e: 'AQAB' } ] }
validate id token went wrong
(node:3640) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 4): TypeError: Cannot set property 'store' of undefined
::ffff:127.0.0.1 - - [04/Oct/2017:19:15:19 +0000] "GET /customLoginEnter?login=admin_user&password=admin_user HTTP/1.1" - - "http://localhost:3000/customLogin" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0"
admin_user admin_user
validate id token went wrong
(node:3640) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 7): TypeError: Cannot set property 'store' of undefined

Please note that I have not configured the MySQL database.

v-ladynev commented 7 years ago

@ullakhan Please do these steps:

  1. Update your fork of keycloak-nodejs-example or clone my repository directly.
  2. Run npm update if you update the project, because I have changed the versions of the modules.
  3. If you still have the error, set a breakpoint at this line https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/app.js#L79 and check whether you can reach this line of the code or not.

Also, you can check the custom login request using Postman or curl: https://github.com/v-ladynev/keycloak-nodejs-example#what-happens-with-custom-login

edwint88 commented 6 years ago

You don't need both the credentials in plain text and the secret header. One of them suffices.

v-ladynev commented 6 years ago

@edwint88 Was it for me? Please clarify if so :)

edwint88 commented 6 years ago

You have this call:

curl -X POST \
  http://localhost:8080/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/token \
  -H 'authorization: Basic Q0FNUEFJR05fQ0xJRU5UOjZkOTc5YmU1LWNiODEtNGQ1Yy05ZmM3LTQ1ZDFiMGM3YTc1ZQ==' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=CAMPAIGN_CLIENT&username=admin_user&password=admin_user&grant_type=password'

and you can do that either like this:

curl -X POST \
  http://localhost:8080/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/token \
  -H 'authorization: Basic Q0FNUEFJR05fQ0xJRU5UOjZkOTc5YmU1LWNiODEtNGQ1Yy05ZmM3LTQ1ZDFiMGM3YTc1ZQ==' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=confidential'

or like this:

curl -X POST \
  http://localhost:8080/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=CAMPAIGN_CLIENT&username=admin_user&password=admin_user&grant_type=password'

and still get the tokens. You don't need to pass both pieces of information. The only thing to take care of is how you configure the client, 'confidential' or 'public'.

v-ladynev commented 6 years ago

@edwint88 Thank you very much. I will check that.

v-ladynev commented 6 years ago

@edwint88 Your assumption is not correct. We need to provide the authorization header and the user's login and password.

  1. I configured CAMPAIGN_CLIENT as confidential.
  2. I need to provide a secret in the authorization header for such a confidential client: authorization: Basic BASE64(clientId + ':' + secret)
  3. I need to provide the user's login and password to get a token for that user.
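The three points above are the whole of the custom-login request: the token endpoint, client authentication, and the user's credentials in a Resource Owner Password Credentials grant. As an added example that is not the repository's code, the block below builds that request in Node.js. For a confidential client it sets authorization: Basic base64(clientId:secret) alongside the form body; for a public client it omits the header and relies on client_id alone. It also decodes the Basic header from the curl call quoted earlier in the thread, which carries exactly CAMPAIGN_CLIENT:<secret>; the requestToken helper and the use of global fetch (Node 18 or later) are assumptions of this example, not something the thread describes.

```javascript
// Added example (not code from keycloak-nodejs-example): build the password-grant
// request for Keycloak's token endpoint. A confidential client proves its own
// identity with "Basic base64(clientId:secret)" in addition to sending the user's
// login and password; a public client sends only client_id in the body.
const TOKEN_URL = 'http://localhost:8080/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/token';

function basicAuth(clientId, clientSecret) {
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
}

// Inverse of basicAuth; used to show what the header quoted in the thread carries.
function decodeBasicAuth(headerValue) {
  const [scheme, b64] = headerValue.split(' ');
  if (scheme !== 'Basic' || !b64) throw new Error('not a Basic header');
  const decoded = Buffer.from(b64, 'base64').toString('utf8');
  const idx = decoded.indexOf(':');
  if (idx < 0) throw new Error('no clientId:secret separator');
  return { clientId: decoded.slice(0, idx), clientSecret: decoded.slice(idx + 1) };
}

// Returns the request pieces. clientSecret is optional: leave it out for a public client.
function buildPasswordGrantRequest({ tokenUrl = TOKEN_URL, clientId, clientSecret, username, password }) {
  const headers = { 'content-type': 'application/x-www-form-urlencoded' };
  if (clientSecret) headers.authorization = basicAuth(clientId, clientSecret);
  // Credentials go in the POST body, never in the query string, so they stay out of access logs.
  const body = new URLSearchParams({ grant_type: 'password', client_id: clientId, username, password }).toString();
  return { url: tokenUrl, method: 'POST', headers, body };
}

// Sends the request with global fetch (Node 18+) and returns the token response.
// Keycloak answers a missing or wrong secret on a confidential client with an
// error object rather than tokens, so a non-2xx status is turned into an exception.
async function requestToken(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  const json = await res.json();
  if (!res.ok) throw new Error(`${json.error}: ${json.error_description}`);
  return json; // { access_token, refresh_token, id_token?, expires_in, ... }
}

// The authorization header exactly as it appears in the curl call earlier in this thread.
const THREAD_BASIC = 'Basic Q0FNUEFJR05fQ0xJRU5UOjZkOTc5YmU1LWNiODEtNGQ1Yy05ZmM3LTQ1ZDFiMGM3YTc1ZQ==';
```

Note that the access-log line in the original report shows the app's own /customLoginEnter endpoint receiving login and password as GET query parameters; whatever front-end collects the credentials should post them in a body the way the token request itself does. The password grant also hands the user's password to the application, which is why it is only suitable for first-party clients, and a confidential client's secret must stay on the server and never be embedded in browser code.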

edwint88 commented 6 years ago

That makes no sense, please check: https://tools.ietf.org/html/rfc6749. I also tested that locally against a standard Keycloak and for me it worked as I said; maybe you have other settings that influence that.

v-ladynev commented 6 years ago

@edwint88 Yes. I configured the client as confidential. So I have to provide the secret.