Security multiple routes in NodeJS

I’m using keycloak to secure a web application. I believe my issue is that I have keycloak configured incorrectly but can’t seem to determine where or how.

I have this in my nodejs web application:
app.get(’/’, keycloak.protect(), function (req, res) {
res.redirect(’/client’);
});

When from a browser, I go to http://localhost:3000
it sends me to the Keycloak login page as expected.

However, when I go to a http://localhost:3000/client
it goes directly to my page. It does not send my to the Keycloak login page.

How do I get http://localhost:3000/client require a Keycloak session / login?