How to log information in adminAuth's verify function

Good day, I've successfully implemented OAuth authentication against a Keycloak server using @exlinc/keycloak-passport. I am now trying to use information (roles) from the Keycloak server to determine what access/permissions are granted, as suggested in this question. In order to do so I need to understand what information is present on the profile and accessToken returned by the Keycloak server, so I'm trying to log this information to the console but am not seeing anything when viewing the log.

I'm running Node-RED version 2.1.4 using the nodered/node-red Docker image, and viewing the logs using docker logs container_name

What is the correct way to log info in this context, and where should I be looking to see the log output?

Thanks in advance for any help.

adminAuth: {
        type: "strategy",
        strategy: {
            name: "Keycloak",
            label: 'Sign in',
            icon: "",
            strategy: require("@exlinc/keycloak-passport"),
            options: {
                host: "https://mykeycloak",
                realm: "myrealm",
                clientID: "nodered",
                clientSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
                callbackURL: "https://mynodered/auth/strategy/callback",
                authorizationURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/auth",
                tokenURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/token",
                userInfoURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/userinfo"
            },
            verify: function (accessToken, refreshToken, profile, done) {
                console.log("Test logging");    // not working or not sure where output is logged to
                console.log(profile);           // not working or not sure where output is logged to
                done(null, profile);
            }
        },
        users: [
            { username: "user1@example.com", permissions: ["*"] },
            { username: "user2@example.com", permissions: ["*"] }
        ]
    },

To add a little more detail, I've enabled logging at the debug level in settings.js, and when viewing the logs I see:

Is that verify function running under node-red though or under the keycloak server? Maybe check the keycloak logs if it has any. (I've not used it).

@TotallyInformation thanks for the reply, I have had a look at the logs on Keycloak's side, nothing there unfortunately. I think the verify function is running on Node-RED's side because I think it is part of either the Node-RED authentication or the passportjs strategy implementation.

Can you see Node-RED making the call to Keycloak in its logs? If not, I'm guessing it isn't even getting that far.

I've not had time to play with Keycloak yet. It is on my list of things to do but I'll be using it with NGINX most likely as I'll want to know how to secure all endpoints not just Node-RED admin. Ultimately, I want to do a write-up on how to use it with uibuilder.

Yeah, I'm sure Node-RED is making the call to Keycloak, the authentication works fine, I'm redirected to Keycloak, login, redirected back, and logged into Node-RED. I'm looking now to assign permissions to the user based on role info from Keycloak.

Sorry, beyond me then. You could try simply throwing an error at the start of the function. At least that would tell you whether it was even being called but I suspect it isn't.

Ah yeah thanks, that's a good idea, that should come out somewhere. I'll give that a go.

A console.log inside the verify function will get written to the standard output of the Node-RED process. So wherever you are saving that output will contain anything you're logging that way.

Thank you all for the help. After understanding that the logging was correct and should be showing, I realised the verify function wasn't being called, which was because I had it as a property of adminAuth.strategy (which I had seen a few times, for example in this question) instead of a property of adminAuth.strategy.options. After moving it to the correct place the function is called and the profile object logged.


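The fix from the last post (verify placed under adminAuth.strategy.options), as an added example that is not code from the thread or from Node-RED: it logs only the role claims decoded from the Keycloak access token, so the bearer token itself never reaches the container logs. The names `decodeJwtClaims`, `summarizeLogin` and `buildAdminAuth` are hypothetical, and the `realm_access` / `resource_access` claims assume Keycloak's default role mappers.

```javascript
// Added example; function names are hypothetical, not part of Node-RED or the strategy.

// Decode a JWT payload WITHOUT verifying the signature. Only for inspecting a token
// this process has just received from the token endpoint over TLS.
function decodeJwtClaims(token) {
    const parts = String(token).split(".");
    if (parts.length !== 3) return null;             // opaque or malformed token
    try {
        const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
        return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    } catch (err) {
        return null;
    }
}

// Build a log-safe summary: role claims only, never the raw token.
function summarizeLogin(accessToken, profile, clientID) {
    const claims = decodeJwtClaims(accessToken) || {};
    const client = (claims.resource_access || {})[clientID] || {};
    return {
        username: (profile && profile.username) || claims.preferred_username || null,
        realmRoles: (claims.realm_access || {}).roles || [],
        clientRoles: client.roles || [],
        expires: claims.exp ? new Date(claims.exp * 1000).toISOString() : null
    };
}

// In settings.js: adminAuth: buildAdminAuth(require("@exlinc/keycloak-passport"))
function buildAdminAuth(strategyModule) {
    return {
        type: "strategy",
        strategy: {
            name: "Keycloak",
            label: "Sign in",
            icon: "",
            strategy: strategyModule,
            options: {
                clientID: "nodered",
                // ...host, realm, clientSecret and the URLs as in the original post
                verify: function (accessToken, refreshToken, profile, done) {
                    const summary = summarizeLogin(accessToken, profile, "nodered");
                    console.log("keycloak login", JSON.stringify(summary));
                    done(null, profile);
                }
            }
        },
        users: [{ username: "user1@example.com", permissions: ["*"] }]
    };
}
```

The output goes to the standard output of the Node-RED process, so with the Docker image it appears in docker logs container_name.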