node oidc-provider (for keycloak)

2
votes

I am trying to have a basic node oidc-provider app as OIDC provider for my keycloak server.

Keycloak correctly links to the login page of my app. After entering username and password I get correctly transfered back to keycloak.

However, keycloak than says "Unexpected error when authenticating with identity provider".

EDIT: I adjusted the keycloak log level and now i see the following error:

Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.

My app looks like this:

const express = require('express');
const Provider = require('oidc-provider');

const app = express();

const clients = [
  {
    client_id: 'my_keycloak_client',
    client_secret: "<someKey>",
    grant_types: ['authorization_code'],
    response_types: ['code'],
    redirect_uris: ['http://localhost:8080/auth/realms/master/broker/oidc/endpoint'],
    token_endpoint_auth_method: 'none'
  }
];

const oidc = new Provider('http://localhost:3001', {
    async findById(ctx, id) {
      return {
          accountId: id,
          async claims() { return { sub: id }; },
      };
    }
});

oidc.initialize({
  clients: clients,
  keystore: {
    keys: [
        {
          kty:"RSA",
          kid: "zid-auth key",
          use: "sig",
          p:"<someKey>",
          q:"<someKey>",
          d:"<someKey>",
          e:"AQAB",
          qi:"<someKey>",
          dp:"<someKey>",
          dq:"<someKey>",
          n:"<someKey>"
      }
    ]
  }
}).then(function () {
    app.use('/', oidc.callback);
    app.listen(3001);
});
1
keycloakopenid-connectoidc-provider

1 Answers

3
votes

You must configure token_endpoint_auth_method to the right method value keycloak is actually using. oidc-provider will fail client authentication if a secret is provided for a client with the method set to none.