I am a new learner and I have a small problem with roles

taha · June 29, 2025, 3:11pm

I am a new learner, and I have a small problem with roles.

This is a simple example application using Keycloak that I am learning from. I am implementing it with both a frontend and a backend.

I successfully logged in, but the backend does not allow me to access a private page. The backend is supposed to check for a realm role named myrole to grant access to the page.

The role myrole exists, and I have added it, but the backend does not verify it and seems unable to recognize it, which is causing the issue.

At the same time, the role myrole is present in the JWT.

var express = require('express');
var session = require('express-session');
var Keycloak = require('keycloak-connect');
var cors = require('cors');
var dns = require('node:dns');
const { isNumberObject } = require('node:util/types');

dns.setDefaultResultOrder('ipv4first');

var app = express();

app.use(cors());

var memoryStore = new session.MemoryStore();

app.use(session({
  secret: 'some secret',
  resave: false,
  saveUninitialized: true,
  store: memoryStore
}));

var keycloakConfig = {
  "realm": process.env.KEYCLOAK_REALM || "myrealm",
  "bearer-only": true,
  "auth-server-url": process.env.KEYCLOAK_URL || "http://localhost:8080/auth/",
  "ssl-required": "external",
  "resource": process.env.KEYCLOAK_CLIENT || "myclient",
  "confidential-port": 0
};

var keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);

app.use(keycloak.middleware());

app.get('/secured', keycloak.protect('realm:myrole'), function (req, res) {
  res.setHeader('content-type', 'text/plain');
  res.send('Secret message!');
});

app.get('/public', function (req, res) {
  res.setHeader('content-type', 'text/plain');
  res.send('Public message!');
});

app.get('/', function (req, res) {
  res.send('<html><body><ul><li><a href="/public">Public endpoint</a></li><li><a href="/secured">Secured endpoint</a></li></ul></body></html>');
});

app.listen(3000, function () {
  console.log('Started at port 3000');
});

the frontend when i try to acess invoke service which need myrole permission it does not work

The frontend does not work when I click the “Invoke Service” button, which requires the myrole permission.

taha · June 30, 2025, 9:15am

app.get('/secured', keycloak.protect('realm:myrole'), function (req, res) {
  res.setHeader('content-type', 'text/plain');
  res.send('Secret message!');
});

I want to understand why this backend cannot read 'realm:myrole'.

taha · July 4, 2025, 8:38pm

hiiiiiiiii … ?

Topic		Replies	Views
Keycloak: resource rolebased acccess management issue Getting advice	0	244	January 23, 2023
Getting access denied for role based authentication for nodejs API Configuring the server authentication	2	1967	November 14, 2021
Keycloak roles Req Securing applications authentication , user-federation , oidc , saml	0	107	April 17, 2024
Missing realm roles in access token Getting advice oidc	1	7063	October 19, 2023
Some questions about keycloak	1	158	March 25, 2024

I am a new learner and I have a small problem with roles

Related topics