I have an app (client side js) that I managed to set up and be protected with keycloak. Now, this app also communicates with a nodjs server.
Adding keycloak protection on the server, following the documentation fails to work for some reason. It’s unclear where to dig, as this is pretty new to me.
The node.js application is express.js based. The keycloak middleware is added.
When I do not protect a certain url with keycloak.protect(‘realm:view-content’), I can access the content as long as there is an Authorisation header in my request. It doesn’t matter what is in there, I always have access. When i leave the authorisation header out, the request handling fails with an error in the keycloak session initialisation.
Now when adding the protection, I always get an ‘access denied’.
What is the best way to see what the reason for the access denied is?
Could it be that I should not use/initialise a session on the node.js side ?
I’m pretty confused at the moment.
thanks for any helpful insight.