This repository has been archived by the owner on Jun 29, 2021. It is now read-only.

downgrade fixes issues with keycloak token verification #15

Open
SchuhMichael opened this issue Oct 9, 2020 · 5 comments

@SchuhMichael

I have followed the advice in one of the answers to this question:
https://stackoverflow.com/questions/63111877/keycloak-with-angular-and-spring-error-get-http-localhost8180-auth-realms-st

to solve this:
GET http://localhost:8180/auth/realms/Storage/protocol/openid-connect/3p-cookies/step1.html 404 (Not Found)

After downgrading to version 10.0.2 for keycloak-js package, things work with keycloak.

@anne-pc
Collaborator

anne-pc commented Oct 9, 2020

I've followed the linked discussion to this: "A best practice is to load the JavaScript adapter directly from Keycloak Server as it will automatically be updated when you upgrade the server." - https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter

@anne-pc
Collaborator

anne-pc commented Oct 9, 2020

Unfortunately I wasn't successful at reproducing your fix with `"keycloak-js": "10.0.2"`; it still behaves the same on my side.

@SchuhMichael
Author

The keycloak server in my installation runs with version 10.0.2; apparently that is the reason why I had to downgrade the package. You have version 11.0.2 in package.json, which does not look like it is downloading the JavaScript adapter directly from Keycloak Server.

@anne-pc
Collaborator

anne-pc commented Oct 13, 2020

I have indeed tried it by replacing keycloak's version in package.json... I will probably change the code to load keycloak from the server in the future, as it is listed as best practice, although a bit of an anti-pattern in React.
However, I'm not really convinced that this is a bug rather than a feature. It would make sense to me that the token's issuer must match in order to validate the token.

@anne-pc
Collaborator

anne-pc commented Dec 15, 2020

While the long-term solution is to drop the keycloak adapter for a generic oidc client, the current issue lies indeed with keycloak and the way it determines the token issuer. I've done some investigation: I pointed two different hostnames in my /etc/hosts to the server running keycloak, e.g. keycloak / cloakkey. I have then pulled .well-known through those two hostnames, and indeed one is returning "issuer":"http://keycloak:8080/auth/realms/master" and the other "issuer":"http://cloakkey:8080/auth/realms/master". This is, in my belief, the cause of this problem.

@anne-pc anne-pc closed this as completed Dec 15, 2020
@anne-pc anne-pc reopened this Dec 15, 2020
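
Added example, not part of the original thread or the project's code: a Node.js diagnostic for the situation described in the last comment, where the `issuer` in `.well-known` depends on the hostname used to reach Keycloak while the token's `iss` must match it exactly. The helper names `decodeClaims` and `checkIssuer` are hypothetical, the token and discovery objects are constructed, and the token is decoded without signature verification, for diagnosis only.

```javascript
// Added example; the token and discovery documents below are constructed.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode a JWT payload WITHOUT verifying the signature (diagnosis only).
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  // Node's base64 decoder also accepts the URL-safe alphabet.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Compare the token's iss claim with the issuer of a discovery document.
// The comparison is an exact string match; nothing is normalised.
function checkIssuer(jwt, discovery) {
  const iss = decodeClaims(jwt).iss;
  const expected = discovery.issuer;
  if (iss === expected) return { ok: true, iss, expected, reason: null };
  let reason = 'issuer strings differ';
  try {
    const a = new URL(iss), b = new URL(expected);
    if (a.protocol !== b.protocol) reason = `scheme differs: ${a.protocol} vs ${b.protocol}`;
    else if (a.host !== b.host) reason = `host differs: ${a.host} vs ${b.host}`;
    else if (a.pathname !== b.pathname) reason = `path differs: ${a.pathname} vs ${b.pathname}`;
  } catch { /* issuer is not a URL: keep the generic reason */ }
  return { ok: false, iss, expected, reason };
}

// Constructed discovery responses, one per hostname from the comment above.
const viaKeycloak = { issuer: 'http://keycloak:8080/auth/realms/master' };
const viaCloakkey = { issuer: 'http://cloakkey:8080/auth/realms/master' };

// Constructed token as if issued through "keycloak" (placeholder signature).
const token = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iss: viaKeycloak.issuer, sub: 'constructed-user' }),
  'constructed-signature',
].join('.');

console.log(checkIssuer(token, viaKeycloak)); // same hostname on both sides
console.log(checkIssuer(token, viaCloakkey)); // hostnames differ
```
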