Keycloak sends 403 Access Denied with NodeJS Adapter

Hi! I have a simple NodeJS application which I’d like to protect with keycloak-connect, but everytime returns a 403 - Access Denied error.

I have done all the tutorials i’ve found (same code, same keycloack and node versions) and even try the example provided in the library but still get the same error.

This is my keycloak.json file:

{
    "realm": "prueba",
    "auth-server-url": "http://localhost:8080/auth/",
    "ssl-required": "external",
    "resource": "prueba",
    "public-client": true,
    "confidential-port": 0
  }

My code:

var express = require("express");
var session = require("express-session");
var Keycloak = require("keycloak-connect");

var app = express();

app.use(session({
    secret:'thisShouldBeLongAndSecret',
    resave: false,
    saveUninitialized: true
}));

var sessionStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: sessionStore });

app.use(keycloak.middleware());

// public url
app.get("/", (req, res) => res.send("Welcome!!"));

// protected url
app.get("/hello", keycloak.protect(), (req, res) => res.send("Hello!!"));

app.listen(3000, function () {
    console.log('Listening at http://localhost:3000');
});

When I navigate to http://localhost:3000/hello I get a 403 Access Denied and in console i get this

ErrorGrantCode

I really don’t know if I missed a step or any settings in Keycloak realms or client. I hope someone can help. Thank you!

You might try:

const memoryStore = new session.MemoryStore();

const mySession = session({
secret: ‘thisShouldBeLongAndSecret’,
resave: false,
saveUninitialized: true,
store: memoryStore
});
app.use( mySession );
// create a kcConfig
const kcConfig = { clientId: ‘xxx’ and so on };
var keycloak = new Keycloak({ store: memoryStore }, kcConfig);
app.use(keycloak.middleware());

Are you able to Resolve this issue?

Has anyone resolved this issue yet?

Were you able to solve this problem, I have been experiencing the same.

Has anyone resolved this issue ? Getting the same Access Denied 403 error even after doing what @dmitchell suggested.
Please help me out :slight_smile:

Please provide steps to reproduce the issue you mention. That’s the only way to get people to help you.

Things like:

  • Keycloak server version
  • Keycloak Node.js version
  • Realm configuration or how the client is configured
  • Publish the code on GitHub if possible

The more information you provide, more quickly you may get an answer.

1 Like

I too get the same error for the node adapter by following the keycloak documentation.

Keycloak version 11.0.0
keycloak-connect: 11.0.2,
node: 13.9.2
express: 4.17.1
express-session: 1.17.1

Client is configured as openid protocol with bearer-only =true.

I have the same issue. Did anyone resolve this issue?

Guys I think I’m facing the same problem.

In my case, when I’m executing some commands like, create new realm, and after this, in sequence, I send another command like create roles at this new realm, I give access denied 403, it seems like the first command (create realm) sent me 201 status on keycloak API, but someway (I dont know why) the new realm isn’t ready properly.

If I send the create roles command before some time, it work correctly.

Does someone know how to solve it? I imagine that I could not run keycloak with high volume access.

Best regards,
Diego