OAuth2 Keycloak authentication

JohannesLichtenberger commented 23 days ago

Hi,

I currently have the following configuration:

auth: {
  strategies: {
    keycloak: {
      _scheme: 'oauth2',
      authorization_endpoint: 'http://localhost:8080/auth/realms/sirixdb/protocol/openid-connect/auth',
      userinfo_endpoint: false,
      access_type: 'offline',
      access_token_endpoint: 'http://localhost:8080/auth/realms/sirixdb/protocol/openid-connect/token',
      response_type: 'code',
      token_type: 'Bearer',
      token_key: 'access_token',
      client_secret: '2e54cfdf-909b-47ca-b385-4c44886f04f0',
      client_id: 'sirix',
      grant_type: 'refresh_token'
    },
  },
  redirect: {
    login: '/login',
    callback: '/callback',
    home: '/'
  },
},

Now my problem is that only confidential clients should be allowed to communicate with Keycloak. So, the token endpoint needs the client_secret, but it's not sent with the standard OAuth2 schema of Nuxt.js. How can I override this behavior? I'm really new to front-end webdev, and if I'm using a Vert.x API backend as an indirection I got everything up and running, but not with Node.js directly communicating with Keycloak. However, the Vert.x-based REST API only needs the generated JWT tokens to check authentication. It would have to be added here:

https://github.com/nuxt-community/auth-module/blob/e21de05cdf65deea67dbc1215ccb08673a7232bb/lib/schemes/oauth2.js#L158

Just as for the other providers :-) Or we could add a Keycloak provider?

Information
Question • Unresolved
#c445 - Created 23 days ago
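
The indirection the question mentions, as an added example that is not part of the original post or of the auth-module code: a server-side Node.js helper that performs the token request, so the confidential client's secret is read from the server environment and never has to be sent from the browser. The token endpoint and `client_id` are taken from the post; `buildTokenRequest`, `exchange` and the `KEYCLOAK_CLIENT_SECRET` variable are hypothetical names, and the secret is passed as a form parameter alongside `client_id`.

```javascript
// Added example: token request for a confidential client, built on the server.
const TOKEN_ENDPOINT =
  'http://localhost:8080/auth/realms/sirixdb/protocol/openid-connect/token'; // from the post
const CLIENT_ID = 'sirix'; // from the post

// Parameters the browser may supply, per grant type. Everything else is ignored.
const ALLOWED = new Map([
  ['authorization_code', ['code', 'redirect_uri']],
  ['refresh_token', ['refresh_token']],
]);

// Build the request from the browser's input plus the server-held secret.
// A client_id, client_secret or scope sent by the browser never reaches Keycloak.
function buildTokenRequest(fromBrowser, clientSecret) {
  const fields = ALLOWED.get(fromBrowser.grant_type);
  if (!fields) throw new Error('unsupported grant_type');
  if (!clientSecret) throw new Error('client secret not configured');

  const body = new URLSearchParams({ grant_type: fromBrowser.grant_type });
  for (const name of fields) {
    const value = fromBrowser[name];
    if (typeof value !== 'string' || value === '') {
      throw new Error(`missing parameter: ${name}`);
    }
    body.set(name, value);
  }
  body.set('client_id', CLIENT_ID);
  body.set('client_secret', clientSecret);

  return {
    url: TOKEN_ENDPOINT,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Forward the request to Keycloak and return the token response for the browser.
// Uses the global fetch available in Node.js 18 and later.
async function exchange(fromBrowser, clientSecret = process.env.KEYCLOAK_CLIENT_SECRET) {
  const { url, ...init } = buildTokenRequest(fromBrowser, clientSecret);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json();
}
```

The front end would point its token endpoint at a route that calls `exchange` with the parsed request body; the API behind it still only needs to verify the resulting JWT.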