[keycloak-user] Securing Node.js stateless API
Ariel Kogan
ariel at fxempire.com
Thu Oct 26 04:27:00 EDT 2017
Hi guys,
I want to secure a Node.js API with Keycloak. As a first step, I only want
to allow requests of users with an open session in Keycloak.
I've followed the guide here,
http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/nodejs-adapter.html
However I don't want to use a session store as the API is stateless. Maybe
I'm missing something here. My route looks like,
router.use('/author', keycloak.protect(), author());
And my keycloak.json is below,
{
"realm": "testrealm",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "postman-client",
"credentials": {
"secret": "123a4567-abcd-12a4-987x-bb87f8f7f621"
},
"bearerOnly": true
}
When I make a request to my Node.js API, I always receive a 403 with the
message "Access denied". The requests look like the below,
GET /api/v1/en/author/ariel HTTP/1.1
Host: localhost:8081
Authorization: Bearer [the token I got upon authentication]
Accept: application/json
I'll appreciate any pointers on this.
Thanks,
Ariel