Hi Bruno,
Thanks for the response. Good to know debug logging is planned.
As you know "trust proxy" is already part of expressjs documentation[1].
> Maybe worth to add pointers to this documentation, instead of duplicate
> the information.
Are you saying "trust proxy" should not be mentioned at all in Keycloak
docs?
I'm not suggesting Keycloak has a duplicate of express docs, but it should
definitely mention it and link to the page. Keycloak requires "trust proxy"
to be "true" for almost any Node.js application since they usually run
behind a proxy, and currently the only place this setting is mentioned is
the last comment in a GitHub issue[1].
Just my 2 cents based on the experience I had working working with the
Keycloak templates, and eventually my own app.
Sure, let's do this Evan. If you get the chance, please submit a change
to
Thanks for the feedback.
[1] -
https://github.com/keycloak/keycloak-nodejs-connect/pull/5#issuecomment-3...
On Thu, Aug 29, 2019 at 11:00 AM Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Hi Evan, my apologies for the late reply. For logging, we have a Jira
> for it:
https://issues.jboss.org/browse/KEYCLOAK-5393. But we didn't
> have the time to work on it.
>
> As you know "trust proxy" is already part of expressjs documentation[1].
> Maybe worth to add pointers to this documentation, instead of duplicate
> the information. And about the example, I'd just leave it as is, adding
> comments to the code may give people the false impression that's
> something specific to Keycloak.
>
>
> [1] -
https://expressjs.com/en/guide/behind-proxies.html
>
> On 2019-08-07, Evan Shortiss wrote:
> > Hi folks,
> >
> > I was working on Keycloak Node.js demo this morning and couldn't figure
> out
> > why it was incorrectly constructing my *redirect_uri* for a public
> client.
> > Instead of using HTTPS it was using HTTP - my application was served over
> > HTTPS.
> >
> > I thought it was might be a bug in keycloak-connect, but turns out it's
> > related to the "trust proxy" setting in express. This is fine, it
makes
> > sense to use standard Node.js/Express environment settings to manage
> this 👍
> >
> > My question is: should debug logging be added in the adapter to help
> debug
> > such issues? If I could have run my project with a
> > *DEBUG=keycloak-connect* environment
> > variable set and had logs such as those below it could have been helpful.
> >
> > I think it's also worth adding commented a line to the Node.js example(s)
> > with "trust proxy" set to "true", and a comment above
explaining you need
> > to uncomment it if behind a reverse proxy. I'm not sure if the various
> Java
> > example(s) require a similar setting/comment.
> >
> > When I Googled I didn't find any hits in the Keycloak docs for
"reverse
> > proxy" so might be worth a docs update too?
> >
> > keycloak-connect:protect - creating login url
> > keycloak-connect:protect - incoming request.protocol is "http"
> > keycloak-connect:protect - WARNING request.protocol is "http" but
> > "x-forwarded-proto"
> > is "https", "trust proxy" setting might be incorrectly set
> > keycloak-connect:protect - login url is $SOME_URL
> >
> > --
> >
> > Evan Shortiss
> >
> > Technical Marketing Manager
> >
> > Red Hat NA <
https://www.redhat.com/>
> >
> > Los Angeles
> >
> > evan.shortiss(a)redhat.com
> > M: +1-781-354-2834 IM: evanshortiss
> > <
https://www.redhat.com/>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> --
>
> abstractj
>
--
Evan Shortiss
Technical Marketing Manager
Red Hat NA <
https://www.redhat.com/>
Los Angeles
evan.shortiss(a)redhat.com
M: +1-781-354-2834 IM: evanshortiss
<
https://www.redhat.com/>