Keycloak nodejs adapter denies access even for empty roles

I’m trying to secure my Node.js app with keycloak-connect, but after successful login Keycloak responds with 403 Access denied. Specified list of roles is empty:

    (req,res) => res.send('Secured Express + TypeScript Server'),

Keycloak configured in most basic way: just realm, client and user added:

  • MasterAdd realm → Name: kingdom
  • ClientsCreate → Client ID: nodejs
  • ClientsnodejsSettings:
    • Access Type: confidential
    • Valid Redirect URIs: *

I’ve build minimal complete project which can be run with single ./ command.

Could you please give me a hint on what Keycloak configuration I’m missing? Thanks in advance.

It was docker<->keycloak-connect misunderstanding issue: keycloak-connect talks to Keycloak directly (without issuing redirects) and when it fails (it does because Keycloak container isn’t accessible from Node.js container through localhost) it issues Access denied response.

I specified network_mode: host docker setting for Node.js container so that keycloak-connect now can access Keycloak internally.