Question about JS Authorization


Daniel Choi

Apr 10, 2023, 4:24:13 PM
to Keycloak User
Hi everyone.

Background:
I'm implementing Keycloak v21, and I have two clients that need to be protected via authentication and authorization (sort of). The clients are my web app and api. 

Our requirements dictate that we use Keycloak for authentication flow, and retrieve the permissions/scopes from:
- https://localhost:8443/realms/<realm_name>/protocol/openid-connect/token
- grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&client_id=<webapp/api client>

Where we would use the scopes to restrict access to our resources in the application level to reduce the number of calls required to authorize access.
 
tl;dr: I need two API calls to the Keycloak service, an authentication request and a permissions request from the access token.

For the webapp, I am using keycloak.js (21.0.2) for authentication and keycloak-auth.js (4.8.3) for permissions retrieval.

Problem:
1. It might be my lack of understanding, but when I:
```
// Assumes Keycloak and KeycloakAuthorization are already loaded, e.g. from the
// server's /js/keycloak.js and /js/keycloak-authz.js or from the keycloak-js package.
let initOptions = {
  url: '<keycloak_url>',
  realm: '<realm_name>',
  clientId: '<client_name>',
  clientSecret: '<client_secret>', // not read by keycloak.js; a browser client is public and should not carry a secret
  checkLoginIframe: false,
  flow: "implicit",
  scope: "openid",
  onLoad: 'login-required'
}

const keycloak = new Keycloak(initOptions);
keycloak.init({ onLoad: initOptions.onLoad, checkLoginIframe: initOptions.checkLoginIframe, flow: initOptions.flow, scope: initOptions.scope })
  .then((auth) => {
    if (auth) {
      // ----------------------
      // authorization
      const authorization = new KeycloakAuthorization(keycloak)
      // keycloak-authz.js fetches .well-known/uma2-configuration asynchronously and
      // exposes `ready`, a promise that resolves once that fetch has populated
      // config.token_endpoint; entitlement() must not be called before it resolves.
      authorization.ready.then(function () {
        authorization.entitlement('<client_name>').then(function (rpt) {
          console.log(rpt) // the RPT: a JWT carrying the authorization.permissions claim
        })
      })
      console.log(authorization)
      // ----------------------
      console.log("user is authenticated")
    } else {
      console.log(auth)
      console.log("user is not authenticated")
    }
  })
  .catch(err => {
    console.log(keycloak)
    console.error('error initializing Keycloak: ', err)
  });
```

apparently _instance.config.token_endpoint is missing, which is odd since if I console.log(authorization), I can see config.token_endpoint on the object.

2. For testing, I set the config.token_endpoint in keycloak_authz.js to the appropriate url, but I run into another issue:
  1. `{error: "server_error", error_description: "Unexpected error while evaluating permissions"}`
I'm assuming it's due to one of two things:
- Bad implementation of authorization entitlement on my part, but there is not much documentation on this I can find,
- Implicit flow doesn't allow the retrieval of the RPT token, or some of my authentication configurations are incorrect for this use-case.

I'd be happy to privately provide the rest of the configurations and realm export if someone wants to reproduce this error!

Thank you in advance!
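An added example (not from the original post or from the Keycloak project) of the second half of the plan described above: the form body for the UMA ticket request to the token endpoint, and app-level checks that read the `authorization.permissions` claim out of the returned RPT so the web app can gate resources locally with a deny-by-default rule. It assumes Node.js, uses the `audience` parameter that Keycloak's documentation specifies for naming the resource server, and the resource ids, names, scopes and signature in the sample RPT are constructed placeholders.

```javascript
// Form body for the POST to /realms/<realm>/protocol/openid-connect/token, sent with
// "Authorization: Bearer <access token from keycloak.js>". Keycloak's docs name the
// resource server via "audience"; "client_id" is the client asking for the RPT.
function buildUmaTokenRequest(clientId, resourceServerId, permissions = []) {
  const params = new URLSearchParams({ grant_type: 'urn:ietf:params:oauth:grant-type:uma-ticket',
    client_id: clientId, audience: resourceServerId });
  for (const p of permissions) params.append('permission', p); // e.g. "orders#orders:read"
  return params.toString();
}

// Read JWT claims without verifying the signature: enough for client-side gating, never
// for the API, which must verify the RPT itself. Node's base64 decoder accepts base64url.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWS compact serialization');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Flatten the RPT's authorization.permissions claim into Map<resourceName, Set<scope>>.
function rptPermissions(rpt) {
  const auth = decodeJwtPayload(rpt).authorization || {};
  const granted = new Map();
  for (const perm of auth.permissions || []) {
    const scopes = granted.get(perm.rsname) || new Set();
    for (const s of perm.scopes || []) scopes.add(s);
    granted.set(perm.rsname, scopes);
  }
  return granted;
}

// Deny by default: an expired RPT, an unknown resource or a missing scope all yield false.
function isAllowed(rpt, resource, scope, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = decodeJwtPayload(rpt);
  if (typeof exp === 'number' && exp <= nowSeconds) return false;
  const scopes = rptPermissions(rpt).get(resource);
  return scopes !== undefined && scopes.has(scope);
}

// Constructed sample RPT with the claim layout Keycloak emits and a placeholder signature
// (only the claims are inspected here); the resource ids are made up.
function sampleRpt() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const payload = { exp: 4102444800, aud: 'api', authorization: { permissions: [
    { rsid: 'res-id-placeholder-1', rsname: 'orders', scopes: ['orders:read'] },
    { rsid: 'res-id-placeholder-2', rsname: 'reports' },
  ] } };
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.signature-placeholder`;
}
```

A resource listed in the RPT without any scopes grants nothing under `isAllowed`, so the API side still has to verify the RPT's signature and evaluate the same claim before serving a request.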


Daniel Choi

Apr 10, 2023, 4:28:39 PM
to Keycloak User
A bit of clarification I missed in my initial post.

The authentication part itself works as expected; the issue is only with the authorization permission/scope retrieval.

Thank you!
