Comments (7)
Okay!!! I missed something... my bad.
Service Accounts Roles was added to test-client instead of admin-cli.
from fastapi-keycloak.
Mhh, that's weird. Seems like no token was issued. Did you save and import the realm-export.json as described in the docker compose yaml? I can't reproduce the error with the setup provided in the quickstart
from fastapi-keycloak.
Yes, I created a brand new realm named Test
and imported the file on realm creation.
My keycloak lives on port 8080 and my app on port 8081.
Docker images used:
- jboss/keycloak:16.1.0
- postgres:12

Here is my docker-compose.yml:

```yaml
version: '3'

networks:
  default:
    external: true
    name: maggiesfarm

services:
  db_keycloak:
    container_name: maggiesfarm_db_keycloak
    image: postgres:12
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password

  keycloak:
    container_name: maggiesfarm_keycloak
    image: jboss/keycloak:16.1.0
    # image: quay.io/keycloak/keycloak:latest
    command:
      - "-b 0.0.0.0 -Dkeycloak.profile.feature.upload_scripts=enabled"
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: db_keycloak
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
    depends_on:
      - db_keycloak

volumes:
  postgres_data:
    driver: local
```
Something weird appeared on first keycloak login by fastapi and I needed to regenerate the "Client" secret and reported its new value in code:

```python
from fastapi import FastAPI
from fastapi_keycloak import FastAPIKeycloak

app = FastAPI()
idp = FastAPIKeycloak(
    server_url="http://localhost:8080/auth",
    client_id="test-client",
    client_secret="z9vH17vqCWhngPj3IIEK5fTfePAdkR6e",  # <<< new generated token for test-client
    admin_client_secret="hwBLV11xaGvkeQ24xLLzsASNFNPri9t4",  # <<< new generated token for admin-cli
    realm="Test",
    callback_uri="http://localhost:8081/callback"
)
```
from fastapi-keycloak.
Before this step, with the initial copy/paste from your doc I had:

```
Traceback (most recent call last):
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 285, in _get_admin_token
    self.admin_token = response.json()['access_token']
KeyError: 'access_token'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "try_fastapi-keycloak.py", line 10, in <module>
    idp = FastAPIKeycloak(
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 125, in __init__
    self._get_admin_token()  # Requests an admin access token on startup
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 289, in _get_admin_token
    raise KeycloakError(reason=f"The response did not contain an access_token: {response.json()}", status_code=403)
fastapi_keycloak.exceptions.KeycloakError: HTTP 403: The response did not contain an access_token: {'error': 'unauthorized_client', 'error_description': 'Invalid client secret'}
```

That's why I regenerated the token.
from fastapi-keycloak.
Please try to alter your docker compose yaml as follows:
```yaml
volumes:
  - ./realm-export.json:/opt/jboss/keycloak/imports/realm-export.json
command:
  - "-b 0.0.0.0 -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.import=/opt/jboss/keycloak/imports/realm-export.json"
```

You currently do not bind or import the config files. If you do not want to use our predefined config, please alter your realm's `admin-cli` client:
- Service Accounts enabled
- Full Scope Allowed
- Service Accounts Roles: all available roles for `account` and `realm_management`

as described in keycloak configuration.
However, thanks for opening this issue. It clearly shows that the error messages need a lot of improvement regarding explicitness and exception handling in general.
from fastapi-keycloak.
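The three `admin-cli` requirements listed in the comment above can be checked offline against a realm export before Keycloak is started. This is an added example, not code from the thread or from fastapi-keycloak. The export below is constructed, the function name is hypothetical, and the role-client names default to `account` and `realm-management` (Keycloak's built-in client id, written `realm_management` in the thread).

```python
import json

# Constructed sample in the shape of a Keycloak realm export (not the project's file).
# It reproduces the mistake from the first comment: roles granted to test-client.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "Test",
  "clients": [
    {"clientId": "admin-cli", "serviceAccountsEnabled": false, "fullScopeAllowed": true},
    {"clientId": "test-client", "serviceAccountsEnabled": true, "fullScopeAllowed": true}
  ],
  "users": [
    {"username": "service-account-test-client", "serviceAccountClientId": "test-client",
     "clientRoles": {"account": ["manage-account"], "realm-management": ["manage-users"]}}
  ]
}
""")


def check_admin_client(export, client_id="admin-cli",
                       role_clients=("account", "realm-management")):
    """Return a list of findings; an empty list means the checklist is met."""
    clients = export.get("clients", [])
    users = export.get("users", [])
    client = next((c for c in clients if c.get("clientId") == client_id), None)
    if client is None:
        return [f"client {client_id!r} not found in realm {export.get('realm')!r}"]
    findings = []
    if not client.get("serviceAccountsEnabled", False):
        findings.append("Service Accounts not enabled")
    if not client.get("fullScopeAllowed", False):
        findings.append("Full Scope Allowed is off")
    # The service-account user carries the roles granted to the client.
    sa = next((u for u in users if u.get("serviceAccountClientId") == client_id), None)
    granted = (sa or {}).get("clientRoles", {})
    for rc in role_clients:
        if not granted.get(rc):
            findings.append(f"service account has no roles from {rc!r}")
    # Flag the same roles sitting on a different client's service account.
    for u in users:
        other = u.get("serviceAccountClientId")
        if other and other != client_id and any(
                u.get("clientRoles", {}).get(rc) for rc in role_clients):
            findings.append(f"roles are assigned to {other!r} service account instead")
    return findings


if __name__ == "__main__":
    print("\n".join(check_admin_client(SAMPLE_EXPORT)) or "admin-cli OK")
```
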
Thanks, @germainlefebvre4 I had the same error. These are the configurations required on admin-cli
from fastapi-keycloak.
Absolutely!
I have scripted this part to avoid manual mistakes.
from fastapi-keycloak.