[keycloak-user] nodejs kc adapter: Grant validation failed. Reason: invalid token (expired)

Mehdi Sheikhalishahi mehdi.alishahi at gmail.com
Fri Sep 22 08:26:46 EDT 2017


Hi

I have implemened an specific authorization policy by nodejs kc adapter to
control access to a service.

I get 302 http status code (that gets redirected to keycloak for security
check), but it fails due to keycloak authorization/authentication check
with keycloak. I have extended the lifespan of tokens, but no success.

Here is browser console.

XMLHttpRequest cannot load
http://aam.testest.io/auth/realms/watersense/protocol/openid-connect/auth?cl…ated%2CservicePath%2C*%26auth_callback%3D1&scope=openid&response_type=code.
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
login-status-iframe.html:53 XHR finished loading: GET "
http://aam.testest.io/auth/realms/watersense/protocol/openid-connect/login-s
…-iframe.html/init?client_id=dashboard&origin=http%3A%2F%2Flocalhost%3A3000".


------Nodejs console------------
Validate grant failed
Grant validation failed. Reason: invalid token (expired)

-----------Code-------------
    const keycloak = new Keycloak("../keycloak.json");

 function servicePathProtection(accessLevel, getServicePath) {
        return keycloak.protect((token, req) => {
            const permissions = extractPermissions(req);
            const servicePath = getServicePath(req).toUpperCase();


More information about the keycloak-user mailing list