I am trying to secure my backend service, but due to the updates in Keycloak 19.0 I can't follow any tutorial online. I am trying to set bearerOnly: true, but there are no options to set the access type in the new version of Keycloak.

null2493

1 Answer

I tested v19.0.1. I can't find the bearerOnly option in the UI either, but importing the client JSON after exporting it and changing bearerOnly to true works.

I tested importing v18.0.2's JSON and it produces an error (see the attached image at the bottom).

So if you migrate from an old version to 19.0.1, you should update manually based on v19's exported JSON file. Steps:

  1. Export Client JSON from v19
  2. Delete #1 client
  3. Switch "bearerOnly": true
  4. Import #3 JSON in v19

This is the difference between bearerOnly true and false in the UI:

bearerOnly True option

enter image description here

bearerOnly False option

enter image description here

Using this JSON for the True option:

```json
{
  "clientId": "my-client-bearer-true",
  "name": "My Client Bearer Only True",
  "description": "",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "redirectUris": [],
  "webOrigins": [],
  "notBefore": 0,
  "bearerOnly": true,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": true,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {
    "oidc.ciba.grant.enabled": "false",
    "oauth2.device.authorization.grant.enabled": "false",
    "backchannel.logout.session.required": "true",
    "backchannel.logout.revoke.offline.tokens": "false"
  },
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "acr",
    "roles",
    "profile",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  }
}
```

If you import a v18.0.2 JSON file with bearerOnly true into v19.0.1, it produces an error:

enter image description here

I am using this v18 JSON file, but it produces the error shown in the image above. So you can't import v18 JSON directly into v19.

```json
{
  "realm": "test",
  "bearer-only": true,
  "auth-server-url": "http://localhost:8180/auth/",
  "ssl-required": "external",
  "resource": "my-client",
  "confidential-port": 0
}
```

Bench Vue
  • Thanks for the answer, from what I can understand is that I can't set `bearer-only` to `true` in the UI for version 19, correct? ```{ "realm": "test", "auth-server-url": "http://localhost:8080/", "ssl-required": "external", "resource": "test-api", "verify-token-audience": true, "credentials": { "secret": "" }, "confidential-port": 0, "policy-enforcer": {} }``` I can just use **"bearer-only": true,** in the JSON, correct? – null2493 Aug 31 '22 at 13:42
  • #1 Yes, you can't set true by UI. #2 No, that JSON causes an error as in the attached image; you need to export first from the v19.0 UI, change it to true in the JSON, delete that client, then import via the v19 UI. – Bench Vue Aug 31 '22 at 13:49
  • Thanks, I will try it and hopefully it will work. – null2493 Aug 31 '22 at 14:12
  • It worked, thanks for the answer it was really helpful. I literally wasted two days figuring this out! – null2493 Aug 31 '22 at 20:00
  • You are welcome. If you give me a thumbs up, it helps me to keep answering. – Bench Vue Aug 31 '22 at 20:59
  • I am trying to secure a backend route **router.get('/v1/secured', keycloak.protect(), securedFunction);** My doubt is that I wanna go to the secured function irrespective of whether **keycloak.protect()** works or not, but I can't add a middleware because I am unable to use **keycloak.protect()** inside the middleware function. Is there a way to add some middleware so that some code runs irrespective of whether the authentication failed or succeeded? Thanks! – null2493 Sep 10 '22 at 04:37
  • First, it seems like a separate middleware issue; can you make a new question with detailed information? Second, you said it worked on Aug 31st, but you did not give me a thumbs up. That does not encourage me to help with this question. – Bench Vue Sep 10 '22 at 08:30
  • Hey @bench, I will put the question in detail. I wanted to give your answer a thumbs up as it really helped me but I only have 13 reputation points while to give thumbs up I need 15 reputation points. I am really sorry about that. – null2493 Sep 10 '22 at 14:39
  • 13 points is good enough. If you press the up arrow on my answer, it will increase my points and turn to a green check mark. I will look at your detailed question if I can handle that. – Bench Vue Sep 10 '22 at 14:42
  • I accepted the answer and then I was able to click the up arrow lol. – null2493 Sep 10 '22 at 14:46
  • Thanks. The click turned to a green check mark on my side, increased my points by 10 and your points by 2 (?), then I gave a thumbs up to you. It gave 10 points and it automatically increased my points by 15. I don't know the logic, but it is a first-time experience. – Bench Vue Sep 10 '22 at 14:49
  • Weird, but it worked somehow lol. – null2493 Sep 10 '22 at 14:53
  • Hey, I couldn't post using this id so I made a new one and posted the detailed new query. Could you please take a look @bench vue? Thanks. https://stackoverflow.com/questions/73674128/use-keycloak-protect-in-a-function-that-will-be-used-as-a-middleware-in-nodejs – null2493 Sep 10 '22 at 18:05
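
The answer's export, edit and re-import steps can be scripted. The following is an added example, not code from the original post: it sets `bearerOnly` in an exported client JSON and refuses files shaped like the second JSON in the answer (an adapter config with `bearer-only`, `resource` and `auth-server-url`). The function names and both sample documents are constructed for illustration; the field names are the ones in the two JSON files above.

```javascript
// Added example: prepare a Keycloak v19 client export for re-import as bearer-only.
// Keys found in an adapter config like the second JSON above, not in a client export.
const ADAPTER_KEYS = ['bearer-only', 'auth-server-url', 'resource', 'ssl-required'];
// Flow flags present in the client export shown in the answer.
const FLOW_FLAGS = ['standardFlowEnabled', 'implicitFlowEnabled',
  'directAccessGrantsEnabled', 'serviceAccountsEnabled'];

function classify(doc) {
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) return 'invalid';
  if (ADAPTER_KEYS.some((k) => k in doc)) return 'adapter-config';
  if (typeof doc.clientId === 'string' && doc.clientId !== '') return 'client-export';
  return 'unknown';
}

// Returns the JSON to import plus the flow flags still enabled, for review.
function prepareBearerOnlyImport(jsonText) {
  const doc = JSON.parse(jsonText);
  const kind = classify(doc);
  if (kind !== 'client-export') {
    throw new Error(`refusing to edit: input looks like ${kind}, not a client export`);
  }
  const out = { ...doc, bearerOnly: true }; // copy; the parsed input is not mutated
  const flowsStillEnabled = FLOW_FLAGS.filter((f) => out[f] === true);
  return { json: JSON.stringify(out, null, 2), flowsStillEnabled };
}

// Constructed sample: trimmed client export with bearerOnly still false.
const SAMPLE_EXPORT = JSON.stringify({
  clientId: 'my-client', enabled: true, bearerOnly: false,
  standardFlowEnabled: true, implicitFlowEnabled: false,
  directAccessGrantsEnabled: true, serviceAccountsEnabled: false,
  publicClient: true, protocol: 'openid-connect',
});
// Constructed sample: adapter config shaped like the file that failed to import.
const SAMPLE_ADAPTER = JSON.stringify({
  realm: 'test', 'bearer-only': true, resource: 'my-client',
  'auth-server-url': 'http://localhost:8180/auth/',
});

const result = prepareBearerOnlyImport(SAMPLE_EXPORT);
console.log(result.json);
console.log('flows still enabled:', result.flowsStillEnabled.join(', '));
try {
  prepareBearerOnlyImport(SAMPLE_ADAPTER);
} catch (err) {
  console.log(err.message);
}
```

The returned `json` is the file to import in step 4; the flow flags are only listed for review and are left as exported.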