Access Denied with Bearer Token #38
Comments
Mostly the issue is with the Keycloak URL
In case anyone else runs into this, I had the same problem and it was indeed b/c of the URLs. I was running keycloak, hasura, and the connector in minikube and port forwarding to the containers so I could access locally. The hasura connector would fail running in the cluster but it validated the token when I ran the hasura-connector locally as a node process. It turns out the keycloak connect middleware compares the URL of the keycloak server in the parsed token and the keycloak URL that is configured for the connector. If they don't match, it declares the token invalid. B/c the token was being issued by a port-forwarded keycloak, the token had the url
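The issuer comparison described in the comment above, as an added diagnostic sketch (not code from this thread or from keycloak-connect): it decodes a token's `iss` claim and compares it with the realm URL a connector would derive from its configured Keycloak base URL. The hostnames, the `/auth` path, the realm name `demo` and all function names are assumptions constructed for illustration.

```javascript
// Diagnostic only: decodes the payload WITHOUT verifying the signature,
// so the result must never be used to make an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Realm URL expected by the resource server, built from its configured
// Keycloak base URL. Only trailing slashes are trimmed; nothing else is normalized.
function expectedIssuer(authServerUrl, realm) {
  return authServerUrl.replace(/\/+$/, '') + '/realms/' + encodeURIComponent(realm);
}

// Exact string comparison of the token issuer against the configured realm URL.
// On mismatch, report whether the origin (scheme/host/port) or the path differs.
function checkIssuer(token, authServerUrl, realm) {
  const iss = decodeJwtPayload(token).iss;
  const expected = expectedIssuer(authServerUrl, realm);
  if (typeof iss !== 'string') return { ok: false, iss, expected, reason: 'token has no iss claim' };
  if (iss === expected) return { ok: true, iss, expected, reason: 'issuer matches' };
  const a = new URL(iss);
  const b = new URL(expected);
  const reason = a.origin !== b.origin
    ? `origin differs: token ${a.origin}, configured ${b.origin}`
    : `path differs: token ${a.pathname}, configured ${b.pathname}`;
  return { ok: false, iss, expected, reason };
}

// Constructed sample: an unsigned token with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Assumed scenario: token obtained through a port-forward, so iss carries localhost.
const sample = makeSampleToken({
  iss: 'http://localhost:8080/auth/realms/demo',
  azp: 'frontend_app',
});
console.log(checkIssuer(sample, 'http://keycloak:8080/auth', 'demo'));  // connector in cluster
console.log(checkIssuer(sample, 'http://localhost:8080/auth', 'demo')); // connector run locally
```

When the two values differ, align the URL clients use to obtain tokens with the URL configured in the connector, so that the issuer in the token and the configured realm URL are the same string.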
@AdamFerguson Thanks for the feedback...
Describe the bug
I created the two clients as described in the documentation. Nevertheless, access to the GraphQL API is denied. I have debugged the connector and found out that the access token of the client in the connector is not validated and therefore access is denied (`kauth = {}`). Is keycloak-connect suitable for a bearer-only API? The two articles on Stack Overflow do not read like this:
https://stackoverflow.com/questions/42394475/authenticate-a-rest-api-using-keycloak-access-token-received-from-authorization
https://stackoverflow.com/questions/48274251/keycloak-access-token-validation-end-point/51047525#51047525
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The access token of the frontend_app can be used to access the graphql api.
Desktop (please complete the following information):
Setup