[keycloak-user] Why use keycloak-nodejs-connect instead of general OID client?

Alex Berg chexxor at gmail.com
Wed Apr 26 09:58:45 EDT 2017


Ah, email is tricky.
Yeah, yeah it could be that, but I've tried various values for the auth
server and still problems. I'll keep working on it.

Thanks!

On Apr 26, 2017 03:05, "Sebastien Blanc" <sblanc at redhat.com> wrote:

> (including the mailing list again)
> tbh I'm not sure this is related to keycloak, isn't just a matter of using
> the right IPs exposed by the container in your keycloak.json files  ?
>
> On Tue, Apr 25, 2017 at 6:25 PM, Alex Berg <chexxor at gmail.com> wrote:
>
>> Here's my problem:
>>
>> I'm running keycloak, mysql, and my JS app locally in docker containers.
>> From inside the container, keycloak is accessible at "keycloak:8080", but
>> outside the container (from the browser on localhost), it's available at
>> "localhost:8080". My "keycloak.json" file has "auth-server-url" =
>> "localhost:8080", so when JS app gets the OIDC authorization token in a
>> callback, the Keycloak middleware in my JS app tries to get an access token
>> by requesting the auth token to "localhost:8080", but this request fails
>> because localhost isn't serving on that port - the "keycloak" container is.
>>
>> On Sat, Apr 22, 2017 at 2:08 PM, Alex Berg <chexxor at gmail.com> wrote:
>>
>>> I can't find docs which answer the basic question of what it does and
>>> how it is supposed to work. After spending a week trying to discover these
>>> answers for myself by reading it's code, I still can't get it to work, so I
>>> am curious what I would lose my using a better documented library. Thanks
>>> for that answer!
>>>
>>> I'm doing a SPA-ish app and want to track session on a cookie, and this
>>> library does exactly that, but knowing how the redirects should work and
>>> what the responses should be is pretty tricky. The errors indicate deeper
>>> complexity than just "install this middleware and the rest just works".
>>>
>>> I can make a PR for doc improvements. I know one of the errors I was
>>> seeing is a response of "invalid authorization token", but I don't know why
>>> that would be. I can only make a JIRA ticket if I know the problem isn't my
>>> lack of knowledge.
>>>
>>> On Apr 22, 2017 02:32, "Sebastien Blanc" <sblanc at redhat.com> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Apr 21, 2017 at 8:16 PM, Alex Berg <chexxor at gmail.com> wrote:
>>>>
>>>>> I am trying to install the keycloak-nodejs-connect middleware into my
>>>>> app.
>>>>> It isn't working well, so of course I'm thinking of trying a different
>>>>> openid-connect client library.
>>>>>
>>>> What doesn't work well ? Have you opened tickets for this ?
>>>>
>>>>>
>>>>> What does the keycloak-nodejs-connect library do that other
>>>>> openid-connect
>>>>> client libraries doesn't do? It looks like one unique thing is that it
>>>>> listens for a logout request to be sent from the keycloak admin
>>>>> console,
>>>>> but I'm not sure as docs don't exist.
>>>>>
>>>> It also handles the admin backend channel for revocation, it handles
>>>> public key rotation retrieval, role-based authorization. This is documented
>>>> in the docs that exists https://keycloak.gitbooks.io/d
>>>> ocumentation/content/securing_apps/topics/oidc/nodejs-adapter.html
>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>
>


More information about the keycloak-user mailing list