Keycloak nodejs adapter denies access even for empty roles

Slaus · May 9, 2021, 6:27am

I’m trying to secure my Node.js app with keycloak-connect, but after successful login Keycloak responds with 403 Access denied. Specified list of roles is empty:

app.all(
    '/',
    keycloak.protect(),
    (req,res) => res.send('Secured Express + TypeScript Server'),
)

Keycloak configured in most basic way: just realm, client and user added:

Master → Add realm → Name: kingdom
Clients → Create → Client ID: nodejs
Clients → nodejs → Settings:
- Access Type: confidential
- Valid Redirect URIs: *

I’ve build minimal complete project which can be run with single ./run.sh command.

Could you please give me a hint on what Keycloak configuration I’m missing? Thanks in advance.

Slaus · May 10, 2021, 4:10am

It was docker<->keycloak-connect misunderstanding issue: keycloak-connect talks to Keycloak directly (without issuing redirects) and when it fails (it does because Keycloak container isn’t accessible from Node.js container through localhost) it issues Access denied response.

I specified network_mode: host docker setting for Node.js container so that keycloak-connect now can access Keycloak internally.

Topic		Replies	Views
Getting access denied for role based authentication for nodejs API Configuring the server authentication	2	1973	November 14, 2021
NodeJS Adapter Authentication seems not working, 403 Access Denied Configuring the server authentication	7	6219	November 14, 2022
Keycloak sends 403 Access Denied with NodeJS Adapter Securing applications adapter-nodejs	10	8009	November 3, 2021
User logged in but, access denied thrown by node adapter adapter-nodejs	0	730	February 4, 2020
Letting keycloak-connect in node.js and client side javascript collaborate? Securing applications	0	563	December 19, 2019

Keycloak nodejs adapter denies access even for empty roles

Related topics