[keycloak-user] Why use keycloak-nodejs-connect instead of general OID client?

Sebastien Blanc sblanc at redhat.com
Wed Apr 26 04:05:00 EDT 2017 

(including the mailing list again)
tbh I'm not sure this is related to keycloak, isn't just a matter of using
the right IPs exposed by the container in your keycloak.json files  ?

On Tue, Apr 25, 2017 at 6:25 PM, Alex Berg <chexxor at gmail.com> wrote:

> Here's my problem:
>
> I'm running keycloak, mysql, and my JS app locally in docker containers.
> From inside the container, keycloak is accessible at "keycloak:8080", but
> outside the container (from the browser on localhost), it's available at
> "localhost:8080". My "keycloak.json" file has "auth-server-url" =
> "localhost:8080", so when JS app gets the OIDC authorization token in a
> callback, the Keycloak middleware in my JS app tries to get an access token
> by requesting the auth token to "localhost:8080", but this request fails
> because localhost isn't serving on that port - the "keycloak" container is.
>
> On Sat, Apr 22, 2017 at 2:08 PM, Alex Berg <chexxor at gmail.com> wrote:
>
>> I can't find docs which answer the basic question of what it does and how
>> it is supposed to work. After spending a week trying to discover these
>> answers for myself by reading it's code, I still can't get it to work, so I
>> am curious what I would lose my using a better documented library. Thanks
>> for that answer!
>>
>> I'm doing a SPA-ish app and want to track session on a cookie, and this
>> library does exactly that, but knowing how the redirects should work and
>> what the responses should be is pretty tricky. The errors indicate deeper
>> complexity than just "install this middleware and the rest just works".
>>
>> I can make a PR for doc improvements. I know one of the errors I was
>> seeing is a response of "invalid authorization token", but I don't know why
>> that would be. I can only make a JIRA ticket if I know the problem isn't my
>> lack of knowledge.
>>
>> On Apr 22, 2017 02:32, "Sebastien Blanc" <sblanc at redhat.com> wrote:
>>
>>>
>>>
>>> On Fri, Apr 21, 2017 at 8:16 PM, Alex Berg <chexxor at gmail.com> wrote:
>>>
>>>> I am trying to install the keycloak-nodejs-connect middleware into my
>>>> app.
>>>> It isn't working well, so of course I'm thinking of trying a different
>>>> openid-connect client library.
>>>>
>>> What doesn't work well ? Have you opened tickets for this ?
>>>
>>>>
>>>> What does the keycloak-nodejs-connect library do that other
>>>> openid-connect
>>>> client libraries doesn't do? It looks like one unique thing is that it
>>>> listens for a logout request to be sent from the keycloak admin console,
>>>> but I'm not sure as docs don't exist.
>>>>
>>> It also handles the admin backend channel for revocation, it handles
>>> public key rotation retrieval, role-based authorization. This is documented
>>> in the docs that exists https://keycloak.gitbooks.io/d
>>> ocumentation/content/securing_apps/topics/oidc/nodejs-adapter.html
>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>

More information about the keycloak-user mailing list