[keycloak-dev] Question on Node.js adapter - Wrong response code when not logged in, maybe

Luke Holmquist lholmqui at redhat.com
Mon Mar 5 21:25:43 EST 2018


Hi,

Given this example application
https://github.com/bucharest-gold/nodejs-rest-http-secured , there is 1
endpoint "/api/greeting", it is protected with the basic keycloak-connect
setup.
https://github.com/bucharest-gold/nodejs-rest-http-secured/blob/master/app.js#L49


If we run this locally, with "npm start", and just curl that endpoint,
"curl http://localhost:3000/api/greeting" it will return with a 403.

There was an issue raised that it should be a 401,
https://github.com/bucharest-gold/nodejs-rest-http-secured/issues/52

The way this comment makes it sound,
https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#L232
is that the 403 is correct.


If we look at the complementary vert.x and swarm examples,
https://github.com/openshiftio-vertx-boosters/vertx-secured-http-booster and
https://github.com/wildfly-swarm-openshiftio-boosters/wfswarm-rest-http-secured
a similar curl will result in a 401 when not logged in.


I'm just wondering if that 403 from the node adapter is correct and if so, why
does it differ from the other runtimes?


-Luke

