I'm having some issues with my Node.js-Keycloak connection: I'm getting Access Denied after authentication (user and password work, as does registering), even with the most basic config. I'm getting Access Denied in Postman and in the browser. I've followed the official guide and this one (Securing Node.js Express REST APIs with Keycloak), and also the official GitHub example from the adapter.
My config is simple:
Express Route:
    app.get('/secured', keycloak.protect(), function (req, res) {
      res.json({
        message: 'secured'
      })
    })
Access Type: Confidential
This is my keycloak.json
    {
      "realm": "Demo-Realm",
      "auth-server-url": "https://<IPADDRESS>/auth/",
      "ssl-required": "external",
      "resource": "nodejs-microservice",
      "verify-token-audience": true,
      "credentials": {
        "secret": "135442a7-3770-4345-9dd2-cac023b6a918"
      },
      "use-resource-role-mappings": true,
      "confidential-port": 0,
      "policy-enforcer": {}
    }
I downloaded it from the Installation tab under the client config.
Steps:
- Go to the /secure URL, it redirects to the keycloak server login page
- Insert username(email) and password and log in
- Gets redirected back to my localhost but with Access Denied 403
I'm getting Access Denied no matter which one I'm using, Confidential or Bearer. I'm able to authenticate through Postman/curl and get the token (bearer), and I also get redirected to the Keycloak login page and enter the credentials, but I get Access Denied.
On my dev server console I get this: Could not obtain grant code: Error: Grant validation failed. Reason: invalid token (wrong audience)
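
The console error and the "verify-token-audience": true setting both concern the token's aud claim. The following is an added diagnostic example, not part of the original post and not the adapter's own code: it decodes a token payload and approximates the audience check, using constructed sample tokens and hypothetical helper names (decodeJwtPayload, checkAudience, makeSampleToken).

```javascript
// Added diagnostic example. Decodes the payload WITHOUT verifying the
// signature, so use it for debugging only, never for access decisions.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT (expected 3 dot-separated segments)');
  }
  // Convert base64url to standard base64 before decoding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Approximation (assumption) of what "verify-token-audience": true enforces:
// the client id ("resource" in keycloak.json) must be listed in the aud claim.
function checkAudience(token, clientId) {
  const payload = decodeJwtPayload(token);
  // aud may be absent, a single string, or an array of strings.
  const aud = payload.aud === undefined ? [] : [].concat(payload.aud);
  return { ok: aud.includes(clientId), aud: aud, azp: payload.azp };
}

// Builds a constructed, unsigned sample token (the signature is a dummy).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'dummy-signature'].join('.');
}

const CLIENT_ID = 'nodejs-microservice'; // "resource" from the keycloak.json above

// Constructed sample 1: aud does not list the client id.
const tokenWithoutClientAud = makeSampleToken({
  aud: 'account', azp: CLIENT_ID, typ: 'Bearer'
});
// Constructed sample 2: aud lists the client id.
const tokenWithClientAud = makeSampleToken({
  aud: ['account', CLIENT_ID], azp: CLIENT_ID, typ: 'Bearer'
});

console.log(checkAudience(tokenWithoutClientAud, CLIENT_ID));
console.log(checkAudience(tokenWithClientAud, CLIENT_ID));
```

To inspect a real token, pass the access token string obtained through Postman/curl to checkAudience together with the client id. If ok is false, the token's aud has to include the client id (in Keycloak this is typically done with an audience mapper on the client or a client scope) before the audience check can pass.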