keycloak-nodejs-connect:无法获得授权代码:400:错误请求
Mar*_*arc 5 jboss node.js express keycloak
设置:
我试图让keycloak-connect 库的演示代码运行,但失败了。
这是我所做的:
- 下载并独立启动keycloak 4.7,设置管理员用户和密码
- 创建一个基本的公共客户端
- 创建用户
- 在 webstorm 中创建一个基本的 express 应用程序
- 相关文件:
索引.js
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
var session = require('express-session');
var Keycloak = require('keycloak-connect');
var memoryStore = new session.MemoryStore();
let keycloak = new Keycloak({ store: memoryStore });
var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
var app = express();
app.set('trust proxy', 1); // trust first proxy
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: { secure: true },
store: memoryStore
}));
app.use( keycloak.middleware() );
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.get('/$', function(req, res) {
res.write('<a href="/secure">Secure</a>');
res.end();
});
app.get( '/secure', keycloak.protect('realm:master'), function(req, res){
//Edit: keycloak.protect() gives the same result
res.write("Yo!");
res.end();
});
// catch 404 and forward to error handler
app.use(function(req, res, next) {
next(createError(404));
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
keycloak.json(复制/粘贴)
{
"realm": "master",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "test",
"public-client": true,
"confidential-port": 0
}
包.json
{
"name": "keycloak-test",
"version": "0.0.0",
"private": true,
"scripts": {
"start": "node ./bin/www"
},
"dependencies": {
"cookie-parser": "~1.4.3",
"debug": "~2.6.9",
"express": "~4.16.0",
"express-session": "^1.15.6",
"http-errors": "~1.6.2",
"keycloak-connect": "^4.7.0",
"morgan": "~1.9.0",
"pug": "2.0.0-beta11"
}
}
问题:
在访问时http://localhost:3000/secure,我被重定向到 keycloak 登录表单,可以使用演示用户的用户凭据登录。
然后我被重定向回/secure,该网站Access denied显示403 forbidden响应代码。keycloak 控制台说
16:44:56,691 WARN [org.keycloak.events] (default task-8)
type=CODE_TO_TOKEN_ERROR,
realmId=master,
clientId=test,
userId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,
ipAddress=127.0.0.1,
error=invalid_code,
grant_type=authorization_code,
code_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,
client_auth_method=client-secret
node.js 控制台显示Could not obtain grant code: 400:Bad Request.
我究竟做错了什么?
/secure您正在使用名为的领域角色来保护您的资源master
app.get( '/secure', keycloak.protect('realm:master')
您需要创建主角色并分配给,demouser如下所示
| 归档时间: |
|
| 查看次数: |
4688 次 |
| 最近记录: |