error: kcLogin: no location in response headers #22

Closed
MarkLyck opened this issue Sep 25, 2020 · 2 comments

@MarkLyck

I've been trying to get cypress-keycloak-commands running both with kcFakeLogin and kcLogin (have not had any success with either).

Trying to do a real login with kcLogin results in the following error:

TypeError: Failed to construct 'URL': Invalid URL
    at Object.getAuthCodeFromLocation (http://localhost:3000/__cypress/tests?p=cypress/support/index.js:327:15)

Digging into the code, it's expecting to receive a response.headers["location"] from keycloak. However, that does not exist in the response I get from my keycloak instance:

{
  "Request Body": "username=mark@*****.com&password=********",
  "Request Headers": {
    "Connection": "keep-alive",
    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36",
    "accept": "*/*",
    "cookie": "KC_RESTART=******.platform-keycloak-1",
    "content-type": "application/x-www-form-urlencoded",
    "accept-encoding": "gzip, deflate",
    "content-length": 66
  },
  "Request URL": "https://sso.******.com/auth/realms/rogers/login-actions/authenticate?session_code=******&execution=7e758598-c100-441e-bc6d-b8afe5091585&client_id=react-admin&tab_id=3xiTIiDql64",
  "Response Body": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"  \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" class=\"login-pf\">\n\n<head>\n    <meta charset=\"utf-8\">\n    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n    <meta name=\"robots\" content=\"noindex, nofollow\">\n\n            <meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/>\n    <title>Log in to ****</title>\n    <link rel=\"icon\" href=\"/auth/resources/4.8.3.final/login/keycloak-theme-colony/img/favicon.ico\" />\n            <link href=\"/auth/resources/4.8.3.final/login/keycloak-theme-colony/css/styles.css\" rel=\"stylesheet\" />\n<SCRIPT> if (typeof history.replaceState === 'function') {  history.replaceState({}, \"some title\", \"https://sso.******.com/auth/realms/****/login-actions/authenticate?execution=7e758598-c100-441e-bc6d-b8afe5091585&client_id=react-admin&tab_id=3xiTIiDql64\"); }</SCRIPT></head>\n\n<body class=\"\">\n  <div class=\"login-pf-page\">\n    <div id=\"kc-header\" class=\"login-pf-page-header\">\n      <div id=\"kc-header-wrapper\" class=\"\">rogers</div>\n    </div>\n    <div class=\"card-pf login-pf-accounts\">\n      <header class=\"login-pf-header\">\n        <h1 id=\"kc-page-title\">        Log In\n\n</h1>\n      </header>\n      <div id=\"kc-content\">\n        <div id=\"kc-content-wrapper\">\n\n              <div class=\"alert alert-error\">\n                  \n                  \n                  <span class=\"pficon pficon-error-circle-o\"></span>\n                  \n                  <span class=\"kc-feedback-text\">Invalid username or password.</span>\n              </div>\n\n    <div id=\"kc-form\" class=\"row\">\n      <div id=\"kc-form-wrapper\" class=\"col-xs-12 col-sm-6 login-pf-social-section\">\n            <form id=\"kc-form-login\" onsubmit=\"login.disabled = true; return true;\" 
action=\"https://sso.*****.com/auth/realms/***/login-actions/authenticate?session_code=*****&amp;execution=7e758598-c100-441e-bc6d-b8afe5091585&amp;client_id=react-admin&amp;tab_id=3xiTIiDql64\" method=\"post\">\n                <div class=\"form-group\">\n                    <label for=\"username\" class=\"control-label\">Username or email</label>\n\n                        <input tabindex=\"1\" id=\"username\" class=\"form-control\" name=\"username\" value=\"mark@******.com\"  type=\"text\" autofocus autocomplete=\"off\" />\n                </div>\n\n                <div class=\"form-group\">\n                    <label for=\"password\" class=\"control-label\">Password</label>\n                    <input tabindex=\"2\" id=\"password\" class=\"form-control\" name=\"password\" type=\"password\" autocomplete=\"off\" />\n                </div>\n\n                <div class=\"form-group login-pf-settings\">\n                    <div id=\"kc-form-options\">\n                        </div>\n                        <div class=\"\">\n                        </div>\n\n                  </div>\n\n                  <div id=\"kc-form-buttons\" class=\"form-group\">\n                    <input tabindex=\"4\" class=\"btn btn-primary btn-block btn-lg\" name=\"login\" id=\"kc-login\" type=\"submit\" value=\"Log In\"/>\n                  </div>\n            </form>\n        </div>\n            <div id=\"kc-social-providers\" class=\"col-xs-12 col-sm-6 login-pf-social-section\">\n                <ul class=\"login-pf-social list-unstyled login-pf-social-all \">\n                        <li class=\"login-pf-social-link\"><a href=\"/auth/realms/****/broker/r4b/login?client_id=react-admin&amp;tab_id=3xiTIiDql64&amp;session_code=jhQzUBJy4bKmcRGtDuR9MtsWzJKY3XiGy0wNVPO7f7U\" id=\"zocial-r4b\" class=\"zocial saml\"> <span>******</span></a></li>\n                </ul>\n            </div>\n      </div>\n\n\n              <div id=\"kc-info\" class=\"login-pf-signup\">\n                  <div 
id=\"kc-info-wrapper\" class=\"\">\n\n                  </div>\n              </div>\n        </div>\n      </div>\n\n    </div>\n  </div>\n</body>\n</html>\n",
  "Response Headers": {
    "cache-control": "no-store, must-revalidate, max-age=0",
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "SAMEORIGIN",
    "content-security-policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
    "date": "Fri, 25 Sep 2020 22:00:13 GMT",
    "x-robots-tag": "none",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "content-type": "text/html;charset=utf-8",
    "content-length": "3946",
    "content-language": "en",
    "via": "1.1 google",
    "alt-svc": "clear"
  },
  "Response Status": 200
}

screenshot:
Screen Shot 2020-09-25 at 17 16 22

my initConfig:

{
        responseMode: 'fragment',
        flow: 'standard',
        onLoad: 'login-required',
        checkLoginIframe: false,
}

my users/user.json fixture:

{
  "username": "mark@******.com",
  "password": "*******",
  "fakeLogin": {
    "access_token": "********",
    "refreshToken": "********",
    "id_token": "********",
    "account": {
      "allowed_company_uids": "1",
      "aud": "account",
      "auth_time": 1601067578,
      "azp": "react-admin",
      "colony_admin_sections": "device_v3,wifi_service_v3,captive_portal_v3,site,probe,dns_service,company,SignalTest",
      "colony_available_products": "Sitehealth Failover,SecureBlock,Sitehealth Primary,Cloudfi,SignalTest",
      "colony_role": "api_user",
      "email": "mark@********.com",
      "email_verified": true,
      "exp": 1601068478,
      "family_name": "***",
      "given_name": "Mark",
      "iat": 1601067578,
      "iss": "https://sso.********.com/auth/realms/colony_internal",
      "jti": "2f590383-b4f3-4353-8ca3-689da65e8bd0",
      "name": "Mark ********",
      "nbf": 0,
      "nonce": "809a8adb-5b20-4326-8ecc-92c1190834ed",
      "preferred_username": "mark",
      "scope": "openid profile email",
      "session_state": "28088320-d761-4f2a-8a5a-d138f9e0c47a",
      "sub": "3f1af098-a974-4dac-af84-6262e506b330",
      "typ": "Bearer",
      "realm_access": {
        "roles": ["viewer", "editor", "offline_access", "admin", "uma_authorization", "user"]
      },
      "resource_access": {
        "account": {
          "roles": ["manage-account", "manage-account-links", "view-profile"]
        }
      }
    }
  }
}

I'm not sure why it's trying to read a location header or what that's for?

If I hardcode it to use http://localhost:3000 as the location it gets past this part just fine, but I then get a different 400 error:

Body: {
  "error": "unauthorized_client",
  "error_description": "Client secret not provided in request"
}

I normally pass a secret to keycloak, but that doesn't seem to be an option with this module?
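
Added example, not part of the original post and not code from cypress-keycloak-commands: the response dumped above has status 200 and a login form containing "Invalid username or password." rather than a redirect, so there is no location header to parse. The code below checks for that case and reports Keycloak's own message instead of failing inside `new URL()`; the names `getAuthCode`, `extractFeedback` and `tryLogin`, the `{ status, headers, body }` response shape and the sample responses are assumptions made for illustration.

```javascript
// Added example; not code from cypress-keycloak-commands.
// Assumed response shape: { status, headers, body }, as in the dump above.

// The login theme in the dump reports errors in <span class="kc-feedback-text">.
function extractFeedback(html) {
  const m = /<span class="kc-feedback-text">([\s\S]*?)<\/span>/.exec(html || "");
  return m ? m[1].trim() : null;
}

function getAuthCode(response) {
  const location = response.headers && response.headers["location"];
  if (!location) {
    // No redirect: report what Keycloak rendered instead of calling new URL(undefined).
    const feedback = extractFeedback(response.body);
    throw new Error(
      `kcLogin: no location header (status ${response.status})` +
        (feedback ? `; Keycloak page says: "${feedback}"` : "")
    );
  }
  const url = new URL(location);
  // responseMode 'fragment' carries the code after '#'; 'query' carries it after '?'.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const code = fragment.get("code") || url.searchParams.get("code");
  if (!code) {
    const err = fragment.get("error") || url.searchParams.get("error");
    throw new Error(`kcLogin: redirect has no code${err ? ` (error=${err})` : ""}`);
  }
  return code;
}

// Constructed samples: a rejected login (modelled on the dump) and a redirect.
const rejected = {
  status: 200,
  headers: { "content-type": "text/html;charset=utf-8" },
  body: '<div class="alert alert-error"><span class="kc-feedback-text">Invalid username or password.</span></div>',
};
const redirected = {
  status: 302,
  headers: { location: "http://localhost:3000/#state=constructed&code=constructed-code" },
  body: "",
};

function tryLogin(response) {
  try {
    return { ok: true, code: getAuthCode(response) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}
```
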

@awallat

awallat commented Sep 26, 2020

Check out issue #13 where a workaround is shown to send the client secret. Hopefully this feature will be merged soon.

@MarkLyck
Author

@awallat thanks, I added the secret and I'm not getting a new error.

I'll close this issue and create a new one.
