I am using Keycloak templates to send an email. I am using ${client.baseUrl} where I want to use the baseUrl to redirect to another link, but Keycloak is saying that it doesn't exist. It's working fine in login template.
Related
So I created a website which shouldn’t be publicly accessible. Therefore I added the keycloak js adapter. Everything works as expected and I am redirected when entering the website url.
But there is a problem. If I use wget on the js/images/css etc. I still can access them because no javascript code is executed and no redirect is performed. How can I make sure that only authenticated users can access these resources? The website is hosted on nginx.
Expected is:
User tries to download file
User is redirected to keycloak if not authenticated.
Solved see comment under original post.
I am trying to connect drupal with keycloak for login. I have added client id, client secret and Keycloak realm , getting from keycloak server.
Using modules - https://www.drupal.org/project/keycloak
Link - http://localhost/drupal/user/login
After clicked on the 'Login Keycloak button' , getting error
The website encountered an unexpected error. Please try again later.
Log Message - Symfony\Component\Routing\Exception\MissingMandatoryParametersException: Some mandatory parameters are missing ("openid_connect_client") to generate a URL for route "openid_connect.redirect_controller_redirect". in Drupal\Core\Routing\UrlGenerator->doGenerate() (line 181 of C:\xampp\htdocs\drupal\core\lib\Drupal\Core\Routing\UrlGenerator.php).
Please suggest. Thank you.
Looks like you might have not added the valid redirect uri in your local keycloak server page under Clients > Settings which I believe should be "http://localhost/drupal/openid-connect/keycloak" for your project.
And also you need to provide Keycloak base URL in your drupal "Configuration > Web Service> Open ID Connect" web page which most of the times if you are using local keycloak server is http://localhost:8080
I would like to set a Keycloak redirect url. After click on Sign out button in template.ftl template which is set in account directory
It is represented by list item:
<li>${msg("doSignOut")}</li>
How it is now:
I'm redirect to the main site of keycloak (actually it is a site of login into keycloak)
What I want:
change this site and redirect user to main page of project. How can I define it as
I use Keycloak version 12.0.2
I haven't found any appropriate settings in realmName.json file or Administration Console which is available at http://localhost:8088/auth/admin/master/console/#/realms/realmName
I am setting up a community website with a Strapi CMS backend and a NuxtJS frontend using the composition API.
Besides the normal registration and login using email and username (which works!), I want users to be able to login using GitHub.
I am using #nuxtjs/auth module for authorization.
I've "deployed" my Strapi backend using ngrok. This is needed apparently to make OAuth work.
I've set up my GitHub application, using <ngrok-url>/connect/github/callback as the callback.
I've set the GitHub client_id and secret in my .env file.
In the strategies in my nuxt.config.js file I have this:
github: {
clientId: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
},
I've added a line in config/server.js of the Strapi backend:
url: '<ngrok url>'
So the backend is fired up in that location.
In my Strapi configuration, I've enabled a GitHub provider, and I need a redirect url to my frontend there. I am not sure what to put here.
I've tried: http://localhost:3000 (my Nuxt app port), but then I get a redirect uri mismatch error ("the redirect uri must match the registered callback"), when I try to access it from the frontend (using nuxt-auth's loginWith('github)').
More info on this here, but I don't get what they are saying.
Provide a redirect_uri where?
And they say to have a redirect_uri that matches what you registered. That matches what exactly?
The nuxt-auth docs are not that elaborate, saying to use $auth.loginWith('github') and that's it. I do this in my frontend, but I'm not sure if that is all I should do.
I can go manually to "<ngrok-url>/connect/github" (in ingognito) and login there in GitHub and I get redirected to the url I put in Strapi, with the access token as a parameter. So that part seems to work.
My main 2 question are:
How do I make the correct call from the frontend to the right endpoint to login through GitHub?
How do I process the result of that call?
Any help is much appreciated!
Update #1
I added a property redirectUrl on the github strategy in nuxt.config.js with the <ngrok-url>/connect/github/callback. That fixes a redirecting issue from GitHub.
I also added a redirect in Strapi to localhost:3000/connect/github and added a page in nuxt following this solution.
Now, I get back a jwt token and a user from Strapi, but $auth.loggedIn is still false in my front end. I'll try to fix this by writing my own middleware. I think this is needed because the app is server-side rendered.
The issue was that loginWith('github') connects nuxt directly to github. But we want to go to Strapi first. So in the end, I removed all the github-related info in my frontend and made a regular <a> with href to <strapi-url>/connect/github and then handled the response in a vue page like so:
data() {
return {
provider: this.$route.params.provider,
access_token: this.$route.query.access_token,
}
},
async mounted() {
const res = await this.$axios.$get(
`/auth/github/callback?access_token=${this.access_token}`,
)
const { jwt, user } = res
await this.$auth.setUserToken(jwt)
this.$auth.setUser(user)
this.$router.push(`/`)
},
To test it locally, I used ngrok to fire up the backend in a tunnel, instead of localhost.
If you want to look at more code, check out my PR here
When my users receive the "Please verifiy email link" the Link in the template is always: http://localhost:8280/auth....
First I tried to set the frontend URL in my realm:
But after this change I cannot start my quarkus-application anymore because I get the following error message: issuer validation error: received [https://myLinkToMyWebsite.com/auth/realms/turniersoftware]
So I removed this setting in keycloak.
I thought that keycloak is using this url for email broadcasts. "Quarkus-portal" is my java-application.
If I click impersonate user in keycloak and set the action "verifiy email" in keycloak admin web, I get the email verifiy email with the correct link.
If my java-program says "sendVerifyEmail" it will send out with "localhost:8280"
Can someone please explain me, what I have to configure to get the domain in my email broadcasts correct. Thank you
As per to the keycloak docs The default hostname provider uses the configured frontendUrl as the base URL for frontend requests (requests from user-agents) and uses the request URL as the basis for backend requests (direct requests from clients).
In your case I think the client configured is a Java client(which is backend) , so in order to force all the backend requests to pass through the public domain(frontendUrl) you might want to set the forceBackendUrlToFrontendUrl property to true in the standalone.xml file.
Please check the below link for further reference.
Hostname SPI