Hi,
given this example application
https://github.com/bucharest-gold/nodejs-rest-http-secured , there is 1
endpoint "/api/greeting", it is protected with the basic keycloak-connect
setup.
https://github.com/bucharest-gold/nodejs-rest-http-secured/blob/master/ap...
If we run this locally, with "npm start", and just curl that endpoint,
"curl
http://localhost:3000/api/greeting" it will return with a 403.
There was an issue raised that it should be a 401,
https://github.com/bucharest-gold/nodejs-rest-http-secured/issues/52
The way this comment makes it sound,
https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#...
is
that the 403 is correct
If we look at the complimentary vert.x and swarm examples,
https://github.com/openshiftio-vertx-boosters/vertx-secured-http-booster and
https://github.com/wildfly-swarm-openshiftio-boosters/wfswarm-rest-http-s...
a similar curl will result in a 401 when not logged in.
I'm just wondering if that 403 the node adapter is correct and if so, why
does it differ from the other runtimes
-Luke