NodeJs and Keycloak Integration giving 403?
I just took the demo code from this Github
So I changed keycloak-config.json
var keycloakConfig = {
    clientId: 'my-api',
    bearerOnly: true,
    serverUrl: 'https://<IPADDRESS>:8443/auth/',
    realm: 'myrealm',
    credentials: {
        secret: '99e71ca7-f25b-40b5-87ed-0af2656b52ac'
    }
};
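Now, to access the API endpoint, I first generate a token
With the help of the above token, I am trying to access the secured API
But it fails with the error
403: Access Denied
Here is the code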
router.get('/user', keycloak.protect(), function(req, res){
    res.send("Hello User");
});
Even this gives the same result
router.get('/user', keycloak.protect('user'), function(req, res){
    res.send("Hello User");
});
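I followed this link for this demo code
After I found the solution I also saw the comment; my solution and the comment match, so we have to make the following change: instead of credentials
we have to use realmPublicKey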
var keycloakConfig = {
    clientId: 'my-api',
    bearerOnly: 'true',
    serverUrl: 'https://<IPADDRESS>:8443/auth/',
    realm: 'myrealm',
    sslRequired: 'external',
    realmPublicKey: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGpeNPTzIA0SpqWtOU27C3lCdHkLzWiYc3voiBZvvZdvk4wW96JymHlX2b0weDnkYfurxIRehRA0sLK8w2vjb3X9TdKOcsiQzHlWDQuA3Wu7WeDGcvv8dyDk+bMOSkqn7bMlOUm6CXxA7RrjKuDj8mseqabXNjnPgAPL6MQOWtO4RFMdPQX11fYShXrK9ELS3CqN3RrXBazzwNsreKxfuMtR4vtZCVJHYaZZMiLmWU1G5Xsh/tHje2AVLPkt3ncchyKsrkCdP9PWsYK5dMkKsDbA03JOq7azDDlhqgT2pUNB3dZ1b9sKQXqPC6ZSieVJcm6WAj8DJcjoYOgZjgm2/8X1fwIDAQAB',
};
Just adding to what @Evil_skunk wrote
do you get some additional errors on the nodejs side? otherwise I can
just do some wild guessing ;-) you are accessing keycloak over https,
is the used cert trusted by nodejs? if you send an access_token to
nodejs, this token needs to be validated with the realm's public key.
this key is normally fetched from a kc-endpoint, maybe this isn't
possible in your case
In your Keycloak config variable, you can use credentials instead of realmPublicKey.
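The comment quoted above says the access token has to be validated with the realm's public key. As an added example (not code from this thread or from keycloak-connect), this is what that offline check looks like with Node's built-in crypto module, taking the key in the same bare-base64 form as realmPublicKey. The function names, the issuer string and the throwaway key pair are assumptions made for the illustration.

```javascript
// Added example: offline RS256 check of a bearer token against a
// realmPublicKey-style value (base64 DER SubjectPublicKeyInfo, no PEM armor).
const crypto = require('crypto');

const b64url = (x) => Buffer.from(x).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Wrap the bare base64 string from the config into a PEM public key.
function pemFromRealmKey(realmPublicKey) {
  const body = realmPublicKey.match(/.{1,64}/g).join('\n');
  return `-----BEGIN PUBLIC KEY-----\n${body}\n-----END PUBLIC KEY-----\n`;
}

// Returns the claims if algorithm, signature, issuer and expiry all pass; throws otherwise.
function verifyAccessToken(token, realmPublicKey, expectedIssuer,
                           nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  const header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
  // Pin the algorithm; the token must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    pemFromRealmKey(realmPublicKey), Buffer.from(s, 'base64'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
  if (claims.iss !== expectedIssuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample data: a throwaway key pair stands in for the realm key,
// and the token is signed locally instead of being issued by Keycloak.
function makeSample(claims) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const realmPublicKey =
    publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${head}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return { realmPublicKey, token: `${signingInput}.${b64url(sig)}` };
}
```

A token that fails any of these checks is rejected before the route handler runs, so a key that does not match the one the realm signs with makes every request fail regardless of the user's roles.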