I have this working with:
// Node-RED settings.js: editor/admin authentication through a Passport strategy
adminAuth: {
    type: "strategy",
    strategy: {
        name: "Keycloak",
        label: 'Sign in with KeyCloak',
        icon: "fa-key",
        strategy: require("@exlinc/keycloak-passport"),
        options: {
            host: "https://nodered.example.com",
            realm: "myRealm",
            clientID: "node-red",
            clientSecret: "761a35f4-f2bf-48ee-b2cb-999351d0242f",
            callbackURL: "/auth/strategy/callback",
            authorizationURL: "https://auth.example.com/auth/realms/myRealm/protocol/openid-connect/auth",
            tokenURL: "https://auth.example.com/auth/realms/myRealm/protocol/openid-connect/token",
            userInfoURL: "https://auth.example.com/auth/realms/myRealm/protocol/openid-connect/userinfo"
        },
        // Pass the profile returned by Keycloak through unchanged
        verify: function (accessToken, refreshToken, profile, done) {
            done(null, profile);
        }
    },
    // Accounts allowed into the editor, with their permissions
    users: [
        { username: "me@example.com", permissions: ["*"] }
    ]
},
and Keycloak settings of:
Note the http and not https in the redirect URL, as node-red was sending a redirect_uri of
https://auth.example.com/auth/realms/YendorINC/protocol/openid-connect/auth?
response_type=code&
redirect_uri=http%3A%2F%2Fnodered.example.com%2Fauth%2Fstrategy%2Fcallback&
client_id=node-red
This could be from running behind a proxy (Traefik) doing the TLS for my sites.
@sarosh maybe try setting your callbackURL to just /auth/strategy/callback and your host to the host URL of the Node-RED server [but I don't know how Keycloak can call back to a localhost???]
Regards,
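
The `http` redirect_uri described in the post above, as an added example that is not part of the original post and not the strategy's own code: a simplified model, assuming the strategy resolves a relative `callbackURL` against the scheme and host of the incoming request, run on a constructed request as seen behind a TLS-terminating proxy. The names `originalOrigin`, `buildRedirectUri`, `isRegistered` and `demo` are hypothetical.

```javascript
// Simplified model (an assumption, not the library's code) of how an OAuth2
// passport strategy derives the origin it believes the request arrived on.
function originalOrigin(req, trustProxy) {
  const fwdProto = (req.headers["x-forwarded-proto"] || "")
    .toLowerCase()
    .split(/\s*,\s*/)[0];
  // Without proxy trust, only a TLS socket on this hop counts as https.
  const tls = Boolean(req.encrypted) || (trustProxy && fwdProto === "https");
  const host = (trustProxy && req.headers["x-forwarded-host"]) || req.headers.host;
  return (tls ? "https" : "http") + "://" + host;
}

// Absolute callback URLs are used unchanged; relative ones inherit the
// scheme and host computed above.
function buildRedirectUri(callbackURL, req, trustProxy) {
  return new URL(callbackURL, originalOrigin(req, trustProxy)).toString();
}

// Exact-match check against the client's registered redirect URIs
// (wildcard patterns are not modelled here).
function isRegistered(redirectUri, registered) {
  return registered.includes(redirectUri);
}

// Constructed request: plain HTTP on the hop from the proxy to Node-RED,
// with the browser's original scheme only present in X-Forwarded-Proto.
const proxiedRequest = {
  encrypted: false,
  headers: { host: "nodered.example.com", "x-forwarded-proto": "https" },
};
const registered = ["https://nodered.example.com/auth/strategy/callback"];

function demo() {
  const cases = [
    ["relative, proxy not trusted", "/auth/strategy/callback", false],
    ["relative, proxy trusted", "/auth/strategy/callback", true],
    ["absolute https callbackURL", "https://nodered.example.com/auth/strategy/callback", false],
  ];
  return cases.map(([label, callbackURL, trustProxy]) => {
    const uri = buildRedirectUri(callbackURL, proxiedRequest, trustProxy);
    return { label, uri, accepted: isRegistered(uri, registered) };
  });
}

console.table(demo());
```

Only the first case produces the `http://` redirect_uri; the other two match an https-only redirect list, so the `http` entry would not need to be registered in Keycloak.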