New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
Hi,
My problem is that I can't find out how to log in with Keycloak. I searched a lot and couldn't make it work.
I know that in the backend, Parse Server should be configured to support Keycloak, and in the front end the user should log in/sign up with the method `linkWith`, but the problem is that I get a [403] -> unauthorized error with any payload.
Steps to reproduce
Backend:
```js
const express = require('express');
const ParseServer = require('parse-server').ParseServer;
const cors = require('cors');

const app = express();

// Body parsers registered ahead of the Parse Server mount
app.use(express.json());
app.use(express.text());

const api = new ParseServer({
  databaseURI: 'mongodb://admin:admin@localhost:27017/', // Connection string for your MongoDB database
  cloud: './cloud/main.js', // Path to your Cloud Code
  appId: 'myAppId',
  masterKey: 'myMasterKey', // Keep this key secret!
  fileKey: 'optionalFileKey',
  serverURL: 'http://localhost:8080/parse', // Don't forget to change to https if needed
  auth: {
    // Contents of keycloak.json for the client used by this app
    keycloak: {
      config: {
        "realm": "BenjaminR",
        "auth-server-url": "http://localhost:8081/",
        "ssl-required": "external",
        "resource": "my-kc",
        "verify-token-audience": true,
        "credentials": {
          "secret": "KVuKQ47Re25rewsd0RE8lUlaziDtfcDSH"
        },
        "use-resource-role-mappings": true,
        "confidential-port": 0
      }
    }
  }
});

app.use(cors('*'));

// Serve the Parse API on the /parse URL prefix
app.use('/parse', api);

app.listen(8080, function() {
  console.log('parse-server-example running on port 8080.');
});
```
Client:
```js
const token = 'keycloak valid and tested token'
const user = new Parse.User();
await user.linkWith('keycloak', {
  authData: {
    access_token: token,
    id: "cwq613e9-a220-2g7a-bfx7-72722978wc02",
    roles: ["roles..."],
    groups: ["user-groups"]
  }
});
```
Actual Outcome
{ "error": "unauthorized" }
Expected Outcome
expected response in document
Server
- Parse Server version: 5.2.8
- Operating system: windows 10
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): local
Database
- System (MongoDB or Postgres): MongoDB
- Database version: 6.0.2
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): local (docker)
Client
- SDK (iOS, Android, JavaScript, PHP, Unity, etc): javascript
- SDK version: 3.4.4
Logs
no log
Activity
parse-github-assistant commented on Oct 16, 2022
Thanks for opening this issue!
mohamad-rai commented on Oct 17, 2022
I found the problem, it was for `app.use(express.text());` in the backend, it made all requests unauthorized, but there is a conflict. If I don't use `app.use(express.text());` I will get `Unexpected token u in JSON...` for linking the user (above client code), and if I use it I will get an unauthorized error!!! What should I do???
mtrezza commented on Oct 17, 2022
I'm closing this as it does not seem to be a Parse Server issue.
mohamad-rai commented on Oct 18, 2022
There was a bug in the keycloak.js adapter. Also, in the document you said we can connect with keycloak.json, but in your HTTP request module you used `https`, which separated the host and protocol, and path. It has two problems. Also, you didn't say we must have roles and groups in the keycloak userinfo response!
I fixed the issues in the parse-server source for our company, but I believe it should be fixed in the source to be able to get updates.
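The two points raised in this comment, sketched as an added example (not part of the thread and not Parse Server's adapter code): building the userinfo URL from the `keycloak.json` values so that `http` and `https` servers both work, and checking client-supplied `authData` against the userinfo response. The helper names, the sample values and the assumption that `id`, `roles` and `groups` are compared with the `sub`, `roles` and `groups` claims are illustrative; `fetch` requires Node 18 or later.

```javascript
// Added example: hypothetical helpers, not Parse Server's keycloak.js.

// Build the userinfo URL from keycloak.json values. Accepts http and https,
// and tolerates a trailing slash on "auth-server-url".
function userinfoUrl(config) {
  const base = String(config['auth-server-url']).replace(/\/+$/, '');
  const url = new URL(
    `${base}/realms/${encodeURIComponent(config.realm)}/protocol/openid-connect/userinfo`
  );
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`unsupported scheme: ${url.protocol}`);
  }
  return url;
}

// Ask Keycloak who the token belongs to (global fetch, Node 18+).
async function fetchUserinfo(config, accessToken) {
  const res = await fetch(userinfoUrl(config), {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  if (!res.ok) throw new Error(`userinfo request failed: HTTP ${res.status}`);
  return res.json();
}

// Order-insensitive comparison of two string arrays.
function sameMembers(a, b) {
  if (!Array.isArray(a) || !Array.isArray(b) || a.length !== b.length) return false;
  const sa = [...a].sort();
  const sb = [...b].sort();
  return sa.every((v, i) => v === sb[i]);
}

// Return the reasons client-supplied authData disagrees with userinfo.
// Assumption: id must equal "sub", and roles/groups must match the claims.
function checkAuthData(authData, userinfo) {
  const problems = [];
  if (!userinfo || userinfo.sub !== authData.id) problems.push('sub does not match authData.id');
  for (const claim of ['roles', 'groups']) {
    if (!Array.isArray(userinfo?.[claim])) problems.push(`userinfo has no "${claim}" claim`);
    else if (!sameMembers(userinfo[claim], authData[claim])) problems.push(`"${claim}" differ`);
  }
  return problems;
}

// Constructed sample data (not taken from the issue).
const SAMPLE_AUTH = { id: 'sample-sub-0001', roles: ['app-user'], groups: ['/staff'] };
const SAMPLE_USERINFO = { sub: 'sample-sub-0001', roles: ['app-user'] }; // no groups mapper
console.log(checkAuthData(SAMPLE_AUTH, SAMPLE_USERINFO));
```

An empty array means the `authData` agrees with what Keycloak reports for the token; a "no claim" entry points at the realm's userinfo output rather than at the client payload.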
dcelix commented on Oct 18, 2022
Hi @mohamad-rai, we are facing the same issue, and also solved it on our source.
I'm willing to make our changes available upstream if you are not planning on opening a PR with your fix. On our side, we are not using http connection, just allowing https connections with self-signed certificates for dev environments.
mtrezza commented on Oct 19, 2022
Yes, would you want to open a PR?
mohamad-rai commented on Oct 20, 2022
I fixed the issue and created a branch for it but unfortunately, in Iran, we don't have a stable connection to GitHub, poor connection from inside and I think forbidden access to GitHub from outside made a beautiful programming life for us!
I can send the changes to your email if you want.
mtrezza commented on Oct 20, 2022
Could you share a dropbox / google drive / etc link? Also, maybe try the 1.1.1.1 app, the DoH encryption may not allow the domain firewall to detect your target domain.
mohamad-rai commented on Oct 22, 2022
Here you can find my updates: https://drive.google.com/file/d/12ZWjqtSam0SNVX_rth0hJZ958eyyBCtK/view?usp=sharing
mtrezza commented on Oct 23, 2022
Thanks for the archive; which files did you change, so I can open a PR?
mohamad-rai commented on Oct 26, 2022
- httpsRequest.js
- utils.js (added, maybe you should move it somewhere else)
- keycloak.js

all in `\src\Adapters\Auth`
mtrezza commented on Oct 26, 2022
@mohamad-rai I've opened #8259. Any code changes you can make there directly by adding a review with a code suggestion or posting them there as a comment. I see that a test case is missing there, we'd need that too. We'll use the PR thread to discuss any changes.