Keycloak nodejs adapter denies access even for empty roles

Slaus · May 9, 2021, 6:27am

I’m trying to secure my Node.js app with keycloak-connect, but after successful login Keycloak responds with 403 Access denied. Specified list of roles is empty:

app.all(
    '/',
    keycloak.protect(),
    (req,res) => res.send('Secured Express + TypeScript Server'),
)

Keycloak configured in most basic way: just realm, client and user added:

Master → Add realm → Name: kingdom
Clients → Create → Client ID: nodejs
Clients → nodejs → Settings:
- Access Type: confidential
- Valid Redirect URIs: *

I’ve build minimal complete project which can be run with single ./run.sh command.

Could you please give me a hint on what Keycloak configuration I’m missing? Thanks in advance.

Slaus · May 10, 2021, 4:10am

It was docker<->keycloak-connect misunderstanding issue: keycloak-connect talks to Keycloak directly (without issuing redirects) and when it fails (it does because Keycloak container isn’t accessible from Node.js container through localhost) it issues Access denied response.

I specified network_mode: host docker setting for Node.js container so that keycloak-connect now can access Keycloak internally.

Topic		Replies	Views
Keycloak sends 403 Access Denied with NodeJS Adapter Securing applications adapter-nodejs	10	7474	November 3, 2021
NodeJS Adapter Authentication seems not working, 403 Access Denied Configuring the server authentication	7	5735	November 14, 2022
Nodejs Confidential Rest-Api w/ Permissions - Always 403s - What Am I Doing Wrong? Securing applications adapter-nodejs	0	612	April 8, 2022
Letting keycloak-connect in node.js and client side javascript collaborate? Securing applications	0	509	December 19, 2019
Keycloak + Docker stack + Node.js REST API server seemingly impossible to get working Getting advice	1	1894	December 11, 2021

Keycloak nodejs adapter denies access even for empty roles

Related Topics