Hi everyone,
I have created users with 2 roles: admin and user. Now I am securing API endpoints based on these roles, but I am getting access denied. Can someone please let me know what I am missing? I have successfully generated an access token for a user with the admin or user role, but when I hit the endpoint it always returns 403, and I am not sure why.
Node server.js:
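// Minimal Express API protected by Keycloak in bearer-only mode: callers send
// an access token with each request and every protected route demands a role.
const crypto = require("crypto");
const express = require("express");
const session = require("express-session");
const Keycloak = require("keycloak-connect");

const app = express();

// Adapter settings. With bearerOnly the service never redirects to a login
// page; it only validates the token the caller presents.
// serverUrl is plain HTTP, which is acceptable only for a Keycloak instance on
// the same host; anything that crosses a network should use HTTPS.
const keycloakConfig = {
  clientId: "node-XXXXXX",
  bearerOnly: true,
  serverUrl: "http://localhost:8180/auth",
  realm: "node-XXXXXX",
};

const memoryStore = new session.MemoryStore();

// The session secret signs the session cookie, so it must not be a literal
// that ships with the code. Take it from the environment; when it is absent,
// fall back to a random per-process value (sessions live in MemoryStore and do
// not survive a restart anyway).
const sessionSecret =
  process.env.SESSION_SECRET || crypto.randomBytes(32).toString("hex");

app.use(
  session({
    secret: sessionSecret,
    resave: false,
    // NOTE(review): true stores a session for every request, authenticated or
    // not; a bearer-only API probably does not need that -- consider false.
    saveUninitialized: true,
    store: memoryStore,
  })
);

const keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);
app.use(keycloak.middleware());

// Unprotected liveness route.
app.get("/", (req, res) => {
  res.send("Server is up!");
});

// Role specs passed to protect():
//   "user"            -> client role "user" of this adapter's clientId
//   "realm:user"      -> realm-level role "user"
//   "otherclient:user" -> client role "user" of another client
// A bare name is therefore NOT matched against realm roles. If "user" and
// "admin" were created as realm roles, or as roles of the client that issued
// the token rather than of clientId above, these checks fail with 403 even
// though the role mapping looks correct in the admin console.
// NOTE(review): the adapter also appears to answer 403 when the token itself
// fails validation (for example an issuer that does not match serverUrl and
// realm) -- verify against the decoded token before changing the role spec.
app.get("/user", keycloak.protect("user"), (req, res) => {
  res.send("I am user!");
});

app.get("/admin", keycloak.protect("admin"), (req, res) => {
  res.send("I am Admin!");
});

app.listen(5000, () => console.log("server running.."));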
I have checked the role mapping and all the roles are correctly assigned to the user, but it still doesn’t seem to work. Thanks in advance.