[keycloak-user] Nodejs adapter - session object not persisting redirect_uri

Robert Parker robert.parker at weareact.com
Wed Aug 30 11:55:16 EDT 2017 

Hi,

I am trying to use the nodejs adapter with my express application and I am encountering issues when the adapter tries to exchange my user's authorization code for an access token.

I have been debugging the calls made from the adapter library, and can see after the user has been authorised, an obtainFromCode function is invoked in the grant-manager module (keycloak-auth-utils\lib\grant-manager.js) and in particular there is the following line of code present:

redirect_uri: request.session ? request.session.auth_redirect_uri : {}

Adding a breakpoint to this, I can see a session object is present on the request object, but there is no auth_redirect_uri property present.

This ends up sending an empty redirect_uri param in the POST request being made to my keycloak server, and I get back an invalid_code error. I can replicate the same behaviour if I make the requests using Postman, and can fix and get an access token back if I set to the correct redirect_uri as configured against my client in the keycloak admin portal.

I can see in the initial request sent out when first authorising the user that this contains a redirect_uri query string param also.

I have my node express application using a mongoDB session store (using express-session), so am using the same store when configuring keycloak with my express app instance. I followed the example in the keycloak-nodejs-connect library here<https://github.com/keycloak/keycloak-nodejs-connect/blob/master/example/index.js>

Can anyone suggest what may be going on for me here, why this redirect_uri is not being set on the session object so it can be read in my the nodejs adapter library?

Thanks

  *   Rob

________________________________
Robert Parker - Front End Developer
Applied Card Technologies Ltd
Cardiff Office
14 St Andrews Crescent
Caerdydd
Cardiff
CF10 3DD
+44 (0) 2922 331860

Robert.Parker at weareACT.com
www.weareACT.com<http://www.weareact.com>

Registered in England : 04476799
________________________________
The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside Northern Ireland, England and Wales).

The views expressed in this email are not necessarily the views of Applied Card Technologies Ltd. The company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary.
[http://www.weareact.com/media/11610/email_footer_tree.gif]Please consider the environment before printing this email.
________________________________

More information about the keycloak-user mailing list