adminAuth config for OpenID based Authentication on Keycloak

Hello to all,

I would like to secure Node-RED using Keycloak.
I followed the post "Help with adminAuth config for OpenID based authentication" in this forum.

However, I get the following error message after logging into my Keycloak server:

```
InternalOAuthError: Failed to obtain access token
    at Strategy.OAuth2Strategy._createOAuthError (/usr/src/node-red/node_modules/passport-oauth2/lib/strategy.js:408:17)
    at /usr/src/node-red/node_modules/passport-oauth2/lib/strategy.js:175:45
    at /usr/src/node-red/node_modules/oauth/lib/oauth2.js:191:18
    at ClientRequest.<anonymous> (/usr/src/node-red/node_modules/oauth/lib/oauth2.js:162:5)
    at ClientRequest.emit (events.js:198:13)
    at Socket.socketErrorListener (_http_client.js:401:9)
    at Socket.emit (events.js:198:13)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
```

Output Inspector Google-Chrome:

My adminAuth in settings.js looks like this:

```javascript
adminAuth: {
    type: "strategy",
    strategy: {
        name: "Keycloak",
        label: "Authenticate with Identity Provider",
        icon: "fa-lock",
        strategy: require("@exlinc/keycloak-passport"),
        options: {
            host: "http://localhost:8300",
            realm: "caberra",
            clientID: "caberra-core-node-red-client",
            clientSecret: "e08053d4-2736-413e-a67e-5805c29e89e0",
            callbackURL: "/auth/strategy/callback",
            authorizationURL: "http://localhost:8300/auth/realms/caberra/protocol/openid-connect/auth",
            tokenURL: "http://localhost:8300/auth/realms/caberra/protocol/openid-connect/token",
            userInfoURL: "http://localhost:8300/auth/realms/caberra/protocol/openid-connect/userinfo",
        },
        verify: function (accessToken, refreshToken, profile, done) {
            done(null, profile);
        },
    },
    users: [{ username: "iot40-node-red", permissions: ["*"] }],
},
```

I also tried with the email address of this keycloak-user, but unfortunately without success and with the same result.

Attached are the settings of Keycloak.

I am grateful for any help

Has no one here ever had this problem??
Can't anyone help me?

Thanks in advance

Same here. I have been struggling with the same issue for some days.

I already tested the token generation in Keycloak with Postman. It works perfectly.
But there seems to be a problem in Node-RED receiving the token back.

Still looking for a solution.
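
Added example, not part of the thread or of Node-RED's own code: the trace above ends in a socket error on the server-side token request, and its `/usr/src/node-red` paths suggest Node-RED runs in a container, where `localhost` is the container itself. The code flags back-channel URLs that point at loopback under that assumption and provides a TCP probe to run from the Node-RED process; `auditBackChannel`, `probe` and the `inContainer` flag are hypothetical names.

```javascript
// Added example (not from the thread): audit the URLs Node-RED itself must reach.
const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|\[::1\])$/i;
// The browser follows authorizationURL; passport-oauth2 requests these server-side.
const BACK_CHANNEL = ["tokenURL", "userInfoURL"];

// inContainer is an assumption supplied by the caller, not something detected here.
function auditBackChannel(options, { inContainer = false } = {}) {
  const findings = [];
  for (const key of BACK_CHANNEL) {
    if (!options[key]) continue;
    let url;
    try {
      url = new URL(options[key]);
    } catch {
      findings.push({ key, issue: "not-absolute-url" });
      continue;
    }
    const loopback = LOOPBACK.test(url.hostname);
    // Inside a container, loopback is the container, not the host running Keycloak.
    if (loopback && inContainer) findings.push({ key, issue: "loopback-inside-container" });
    // The client secret and tokens travel on these requests.
    if (url.protocol === "http:" && !loopback) findings.push({ key, issue: "plain-http-to-remote-host" });
  }
  return findings;
}

// TCP connect from this process; resolves to "open" or the socket error code
// (for example ECONNREFUSED), the kind of failure behind the trace above.
async function probe(rawUrl, timeoutMs = 3000) {
  const net = await import("node:net");
  const { hostname, port, protocol } = new URL(rawUrl);
  const host = hostname.replace(/^\[|\]$/g, "");
  const target = { host, port: Number(port) || (protocol === "https:" ? 443 : 80) };
  return new Promise((resolve) => {
    const socket = net.connect(target);
    socket.setTimeout(timeoutMs, () => { socket.destroy(); resolve("ETIMEDOUT"); });
    socket.once("connect", () => { socket.destroy(); resolve("open"); });
    socket.once("error", (err) => resolve(err.code || "ERROR"));
  });
}

// Constructed input: the back-channel URLs from the settings.js posted above.
const posted = {
  tokenURL: "http://localhost:8300/auth/realms/caberra/protocol/openid-connect/token",
  userInfoURL: "http://localhost:8300/auth/realms/caberra/protocol/openid-connect/userinfo",
};
console.log(auditBackChannel(posted, { inContainer: true }));
```

Running `probe(posted.tokenURL).then(console.log)` with Node inside the same container as Node-RED shows whether the token endpoint is reachable from there; `ECONNREFUSED` in the container while Postman succeeds on the host is consistent with this explanation.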
