exlinc / keycloak-passport Goto Github PK

Hi, I was wondering if you could help me with the following issue please?

I'm trying to implement an authentication flow using next-auth and this keycloak-passport strategy.

Both libraries work great together when I log into my keycloak instance but when I log out, I seem to be logged out on the client side. But when I try to log in again using keycloak-passport I get the Unable to sign in page from next-auth

It seems to be logging out from the client side but the session seems to be persisted on the server side. When I hit my login page directly it redirects me to the account admin section on my keycloak instance so I'm definitely still logged in on the server.

I've tried to debug the logout flow to see if I can determine the problem but none of the console.log statements I placed in the handleSignOutSubmit() function are firing.

I opened an issue on the next-auth repo here which goes into more detail.

I'd be really grateful if you could point me in the tight direction on this please

Hi, I am currently trying to use this Strategy with next-auth. I logged an issue on next-auth because the callback didn't seem to be firing for keycloak-passport. Wondering would you maybe have any insight on why it wouldn't be firing?

It's been quite some time since last update to this repo, is it still maintained?

Some of the NPM modules used have received significant updates since last update of this repo.
As this repo is about providing strong security it's important to keep up to speed with dependencies etc, so that we always used libraries where vulnerabilities are patched etc. Obvious stuff, but still.

So... here's a friendly ping to the repo owner... What's the status?

Though it is explicitly stated in the readme file, seems it requires a config information(including the realm name) be passed in when creating the KeycloakStrategy. Can someone explain how multi-realm support can be achieved with this package?

Hi,

What could be the value of the following parameters?

1. AUTH_KEYCLOAK_CALLBACK
   2/ DEFAULT_PASSPORT_OPTIONS
2. AuthController.keyCloakSuccess: where does AuthController come from?
   Thanks.

router.get('/keycloak-auth',
passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS)
);

router.get(
routes.AUTH_KEYCLOAK_CALLBACK,
passport.authenticate("keycloak", DEFAULT_PASSPORT_OPTIONS),
AuthController.keyCloakSuccess
);

Looking at the example in the README, no indication of needing authorizationURL is provided, but I get (truncated):

 Error: authorizationURL is required
    at /Users/ajmas/Development/myproject/node_modules/@exlinc/keycloak-passport/index.js:16:13
    at Array.forEach (<anonymous>)
    at new Strategy (/Users/ajmas/Development/myproject/node_modules/@exlinc/keycloak-passport/index.js:14:5)
    at Object.initPassport (/Users/ajmas/Development/myproject/src/middleware/passport.ts:234:18)

Looking at the source of this package, I see the following:

  [
    'host',
    'realm',
    'clientID',
    'clientSecret',
    'callbackURL',
    'authorizationURL',
    'tokenURL',
    'userInfoURL'
  ].forEach((k) => {
    if (!options[k]) {
      throw new Error(`${k} is required`);
    }
  });

Which suggests it is required, but then I see configuration.js which resolves the missing URLs, but I am not sure how it is to be used to resolve this issue?

Hi @svarlamov

Like in the title?

Hi Team,

I am trying to integrate graphql with keycloak with express js
I am getting below error when i am trying to run the server, as some keycloak configurations has to be added.

\graphql-keycloak\node_modules\keycloak-connect\keycloak.js:70
throw new Error('Adapter configuration must be provided.');

and the code base does not import express, we nee express to run the server right ?

can someone tell me if there is some kind of configuration that i am missing out, however i do have the keycloak.json file placed in the root folder.

I'm trying to fully grasp keycloak passport + passport + next auth.

Do you have an example of how to do this ?
Using your example, I get a authorizationURL is required.

Hi @svarlamov

Like in the title?