获取 "Invalid parameter: redirect_uri" 尝试 NODE.JS 使用 KeyCloak 进行身份验证
Getting "Invalid parameter: redirect_uri" trying NODE.JS authentication with KeyCloak
我正在使用 Node.JS (express) 和一个名为 keycloak-connect 的 NPM 连接到 keycloak 服务器。
当我按照描述实施默认机制来保护路由时:
app.get( '/about', keycloak.protect(), function(req,resp) {
resp.send( 'Page: ' + req.params.page + '<br><a href="/logout">logout</a>');
} );
我确实提到了 keycloak,但出现以下错误:“无效参数:redirect_uri”
我的查询字符串是:(xx 用于演示)
https://xx.xx.xx.xx:8443/auth/realms/master/protocol/openid-connect/auth?client_id=account&state=aa11b27a-8a0b-4a3b-89dc-cb8a303dbde8&redirect_uri=http%3A%2F%2Flocalhost%3A3002%2Fabout%3Fauth_callback%3D1&response_type=code
我的keycloak.json是:(xx用于演示)
{
"realm": "master",
"realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS00kUaH6OoERNSkFUwxEBxx2SsqmHu9oVQiPs6nlP9fNQm0cK2lpNPphbLzooZL6kivaC4VzXg20F3zY7jRDc4U/XHgXjZVZUXxJ0NeCI5ESDo00EV9xh9XL3xvXslmG0YLWpywtQSYc+XcGDkz87edokbHQIIlQc2sgoVKIKpajZyrI5wnyMhL8JSk+Mdo2T9DeNnZxPkauiKBwWFJReBO51gsoZ49cbD39FRa8pLi8W0TtXoESIf/eGUSdc3revVFR7cjzHUzxF0p0WrLsTA1aBCLkt8yhnq88NqcKsW5mkxRmhLdw20ODTdsmRtm68rjtusMwifo/dZLJ9v5eQIDAQAB",
"auth-server-url": "https://xx.xx.xx.xx:8443/auth",
"ssl-required": "external",
"resource": "account",
"credentials": {
"secret": "9140d4e6-ed05-4899-a3c0-a9cf94ab407d"
},
"use-resource-role-mappings": true
}
密钥斗篷配置:
我猜你在客户端设置选项卡中为客户端 URL 添加了一个端口。
例如
root url: https://demo.server.biz:443/cxf
只需删除端口
root url: https://demo.server.biz/cxf
Valid Redirect URIs和Web Origins
也是一样
1 次更新
2 用你的 url
更新
我不知道你是否会继续怀疑,但我必须通过以下方式使用 https 调用配置节点服务器:
var fs = require('fs');
var https = require('https');
.....
const HOST = 'your_site.com';
const PORT = process.env.PORT || 3001;
const key = fs.readFileSync('./certs/private.pem');
const cert = fs.readFileSync('./certs/public.pem');
const https_options = {
key: key,
cert: cert
};
var serverKeycloak = https.createServer(https_options, appKeyCloak);
serverKeycloak.listen(PORT, HOST);
...
然后适配器会自动将 https
发送到 keycloak
我正在使用 Node.JS (express) 和一个名为 keycloak-connect 的 NPM 连接到 keycloak 服务器。
当我按照描述实施默认机制来保护路由时:
app.get( '/about', keycloak.protect(), function(req,resp) {
resp.send( 'Page: ' + req.params.page + '<br><a href="/logout">logout</a>');
} );
我确实提到了 keycloak,但出现以下错误:“无效参数:redirect_uri”
我的查询字符串是:(xx 用于演示)
https://xx.xx.xx.xx:8443/auth/realms/master/protocol/openid-connect/auth?client_id=account&state=aa11b27a-8a0b-4a3b-89dc-cb8a303dbde8&redirect_uri=http%3A%2F%2Flocalhost%3A3002%2Fabout%3Fauth_callback%3D1&response_type=code
我的keycloak.json是:(xx用于演示)
{
"realm": "master",
"realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS00kUaH6OoERNSkFUwxEBxx2SsqmHu9oVQiPs6nlP9fNQm0cK2lpNPphbLzooZL6kivaC4VzXg20F3zY7jRDc4U/XHgXjZVZUXxJ0NeCI5ESDo00EV9xh9XL3xvXslmG0YLWpywtQSYc+XcGDkz87edokbHQIIlQc2sgoVKIKpajZyrI5wnyMhL8JSk+Mdo2T9DeNnZxPkauiKBwWFJReBO51gsoZ49cbD39FRa8pLi8W0TtXoESIf/eGUSdc3revVFR7cjzHUzxF0p0WrLsTA1aBCLkt8yhnq88NqcKsW5mkxRmhLdw20ODTdsmRtm68rjtusMwifo/dZLJ9v5eQIDAQAB",
"auth-server-url": "https://xx.xx.xx.xx:8443/auth",
"ssl-required": "external",
"resource": "account",
"credentials": {
"secret": "9140d4e6-ed05-4899-a3c0-a9cf94ab407d"
},
"use-resource-role-mappings": true
}
密钥斗篷配置:
我猜你在客户端设置选项卡中为客户端 URL 添加了一个端口。
例如
root url: https://demo.server.biz:443/cxf
只需删除端口
root url: https://demo.server.biz/cxf
Valid Redirect URIs和Web Origins
1 次更新
2 用你的 url
更新我不知道你是否会继续怀疑,但我必须通过以下方式使用 https 调用配置节点服务器:
var fs = require('fs');
var https = require('https');
.....
const HOST = 'your_site.com';
const PORT = process.env.PORT || 3001;
const key = fs.readFileSync('./certs/private.pem');
const cert = fs.readFileSync('./certs/public.pem');
const https_options = {
key: key,
cert: cert
};
var serverKeycloak = https.createServer(https_options, appKeyCloak);
serverKeycloak.listen(PORT, HOST);
...
然后适配器会自动将 https
发送到 keycloak