adminAuth config for OpenID based Authentication on Keycloak

Hello to all,

Would like to secure Node-Red using Keycloak.
I followed the post "Help with adminAuth config for OpenID based authentication" in this forum.

However, get the following error message after logging into my Keycloak server:

InternalOAuthError: Failed to obtain access token
at Strategy.OAuth2Strategy._createOAuthError (/usr/src/node-red/node_modules/passport-oauth2/lib/strategy.js:408:17)
at /usr/src/node-red/node_modules/passport-oauth2/lib/strategy.js:175:45
at /usr/src/node-red/node_modules/oauth/lib/oauth2.js:191:18
at ClientRequest. (/usr/src/node-red/node_modules/oauth/lib/oauth2.js:162:5)
at ClientRequest.emit (events.js:198:13)
at Socket.socketErrorListener (_http_client.js:401:9)
at Socket.emit (events.js:198:13)
at emitErrorNT (internal/streams/destroy.js:91:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
at process._tickCallback (internal/process/next_tick.js:63:19)

Output Inspector Google-Chrome:

my adminAuth in settings.js looks like this:

adminAuth: {
type: "strategy",
strategy: {
name: "Keycloak",
label: "Authenticate with Identity Provider",
icon: "fa-lock",
strategy: require("@exlinc/keycloak-passport"),
options: {
host: "http://localhost:8300",
realm: "caberra",
clientID: "caberra-core-node-red-client",
clientSecret: "e08053d4-2736-413e-a67e-5805c29e89e0",
callbackURL: "/auth/strategy/callback",
verify: function (accessToken, refreshToken, profile, done) {
done(null, profile);
users: [{ username: "iot40-node-red", permissions: ["*"] }],

I also tried with the email address of this keycloak-user, but unfortunately without success and with the same result.

Attached are the settings of Keycloak.

I am grateful for any help

Has no one here ever had this problem??
Can't anyone help me?

Thanks in advance

Same here.. I am struggling with the same issue since some days.

Tested already with postman the token generation in Keycloak. Works perfect.
But there seems to be a problem in Node-Red to receive the token back.

Still looking for a solution.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.