[keycloak-user] 401 http status instead of 203 in case of unauthorized access to specific route

Radovan Kuka kuka.radovan at gmail.com
Fri May 3 03:43:47 EDT 2019


Hello all,
I am new to Keycloak and I tried to use keycloak-connect to protect routes on my server. From my SPA, I make a fetch call to a server route that uses the protect middleware. In the case of an unauthenticated user, keycloak-connect returns a redirect to the login page (302 with a Location header). The problem is that the original request was a fetch, and the 302 causes the browser to issue a GET request for the Keycloak login page. This will not cause a full browser redirect to that login page. Wouldn't it be better to send 401 Unauthorized and let the browser handle the redirect itself? Or am I doing something wrong?

This is the related part of my code.

const keycloakConfig = {
  authServerUrl: application.SERVER_URL,
  clientId: application.CLIENT_ID,
  realm: application.REALM,
  public: true
};

const keycloak = new Keycloak({ cookies: true }, keycloakConfig);

app.use(
  keycloak.middleware({
    logout: '/logout'
  })
);

// Use routes
app.use('/api/v1/', keycloak.protect(), api);


Thank you for any help.
Radovan
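
The behaviour asked about above, sketched as an added example that is not part of the original post and is not keycloak-connect's own code: an Express-style guard that answers script-issued requests with 401 and page navigations with 302, plus a client-side fetch wrapper. The names isProgrammaticRequest, requireLogin, apiFetch, isAuthenticated, loginUrl and loginPath are hypothetical.

```javascript
// Added example; every name here is hypothetical, nothing is keycloak-connect API.
// Node lower-cases incoming header names, so lookups below use lower case.

// True when the request was issued by script (fetch/XHR), not a page navigation.
function isProgrammaticRequest(req) {
  const h = req.headers || {};
  const mode = h['sec-fetch-mode'];            // sent by current browsers
  if (mode) return mode !== 'navigate';
  if ((h['x-requested-with'] || '').toLowerCase() === 'xmlhttprequest') return true;
  const accept = h['accept'] || '';
  return accept.includes('application/json') && !accept.includes('text/html');
}

// Middleware factory: isAuthenticated(req) -> boolean, loginUrl is server-defined.
function requireLogin(isAuthenticated, loginUrl) {
  return function (req, res, next) {
    if (isAuthenticated(req)) return next();
    if (isProgrammaticRequest(req)) {
      // fetch() follows a 302 silently and hands the script the login page's
      // response; a 401 gives the SPA a status it can act on.
      res.statusCode = 401;
      res.setHeader('Content-Type', 'application/json');
      res.setHeader('Cache-Control', 'no-store');
      return res.end(JSON.stringify({ error: 'unauthenticated' }));
    }
    res.statusCode = 302;                       // real navigation: redirect works
    res.setHeader('Location', loginUrl);
    return res.end();
  };
}

// Client side: wrap fetch and turn a 401 into a full-page navigation.
// fetchImpl and navigate are injected so the function also runs outside a browser.
async function apiFetch(url, options, fetchImpl, navigate, loginPath) {
  const res = await fetchImpl(url, options);
  if (res.status === 401) {
    // Navigate to a fixed, same-origin path, never to a URL read from the response.
    navigate(loginPath);
    return null;
  }
  return res;
}
```

In a browser the wrapper would be called with `window.fetch.bind(window)` and `(p) => window.location.assign(p)`.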


