ivangfr / springboot-react-keycloak Goto Github PK

Upgrading to Keycloak 17 results in 401 Auth issue when listing Realms.

I know this is more of a wish then a defect, but I've been using this project a test and would like to upgrade to Keycloak 17 and have issues.

When I find out why I get the Auth issue with 17 I will feed it back here, and hope to create a PR to update this project.

First, thank you for the code. It really helps me.
Sorry if this is a newbie question.
I've tried to understand how do you create the user extra such avatar after login at keycloak but I still don't understand. Can you explain a little bit?

Hi Ivan, you did a great job with this demo app it has helped me a lot. Congrats!
But I do face a problem. I just cannot hit the endpoint via postman.
When I do not provide a token I get a 400 bad request with an HTML response in the body saying:

Invalid parameter: redirect_uri

When I try to call the api after I receive a token I get a 401 unauthorized. Any hint what can go wrong ? Maybe some Keycloak configuration ?

Thanks in advance!

Hello @ivangfr , as far as I know there are 2 ways to verify the JWT token
i) Forward the token to Auth server for verification
ii) Verify the token in Resource server itself using public key

In this project you have used the first way, is it possible to use the second way?
If yes could you please let me know.

First of all, thanks, super nice approach.

I realized you are missing the following for the local dev environment, so it does not collide spring boot port with kc

Under application.yml for spring services you could add the following, to launch the react dashboard directly

server: port: 9080

https://github.com/react-keycloak/react-keycloak

⚠️ DEPRECATED and UNMAINTAINED
This library is deprecated and will no longer be maintained or updated.

Instead, it is recommended to use:

react-oidc-context for React SPA projects instead of @react-keycloak/web
NextAuth.js for Next.js projects instead of @react-keycloak/ssr

Hello @ivangfr ,

Firstly, great project! loved it. It covers everything from the backend and front end.
However, I had some queries regarding Keycloak in your project.

As far as I have done research the only API to revoke a token is the /revoke API which looks like this

http://localhost:8080/realms/<realm-name>/protocol/openid-connect/revoke
Along with this URL we will also be using clientId,client-secret, token_type and the actual token we want to revoke.

My query is, if we use the PKCE apporoach there is no client-secret ,so how do we revoke the token since the client secret is not optional

The same query applies for the introspect endpoint as well

http://localhost:8080/realms/<realm-name>/protocol/openid-connect/token/introspect

Thank you so much this great example project!

Best Regards

Bela

With the deprecation of the keycloak adapters I was wondering if you would be able to provide an update or a seperate example of how to handle this without the keycloak adapater.
https://www.keycloak.org/2022/02/adapter-deprecation.html

Just tried to run the docker-compose command and got this error:

docker-compose up -d
Traceback (most recent call last):
File "urllib3/connectionpool.py", line 670, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1255, in request
File "http/client.py", line 1301, in _send_request
File "http/client.py", line 1250, in endheaders
File "http/client.py", line 1010, in _send_output
File "http/client.py", line 950, in send
File "docker/transport/unixconn.py", line 43, in connect
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "requests/adapters.py", line 439, in send
File "urllib3/connectionpool.py", line 726, in urlopen
File "urllib3/util/retry.py", line 410, in increment
File "urllib3/packages/six.py", line 734, in reraise
File "urllib3/connectionpool.py", line 670, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1255, in request
File "http/client.py", line 1301, in _send_request
File "http/client.py", line 1250, in endheaders
File "http/client.py", line 1010, in _send_output
File "http/client.py", line 950, in send
File "docker/transport/unixconn.py", line 43, in connect
urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "docker/api/client.py", line 214, in _retrieve_server_version
File "docker/api/daemon.py", line 181, in version
File "docker/utils/decorators.py", line 46, in inner
File "docker/api/client.py", line 237, in _get
File "requests/sessions.py", line 543, in get
File "requests/sessions.py", line 530, in request
File "requests/sessions.py", line 643, in send
File "requests/adapters.py", line 498, in send
requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "docker-compose", line 3, in
File "compose/cli/main.py", line 81, in main
File "compose/cli/main.py", line 199, in perform_command
File "compose/cli/command.py", line 60, in project_from_options
File "compose/cli/command.py", line 152, in get_project
File "compose/cli/docker_client.py", line 41, in get_client
File "compose/cli/docker_client.py", line 170, in docker_client
File "docker/api/client.py", line 197, in init
File "docker/api/client.py", line 221, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
[2372] Failed to execute script docker-compose

Giving timeout error and some times null pointer error.

Is "refresh token" supported ?

thanks