How to log information in adminAuth's verify function

trf · 13 April 2022 12:47

Good day, I've successfully implemented oauth authentication against a keycloak server using @exlinc/keycloak-passport. I am now trying to use information (roles) from the keycloak server to determine what access/permissions is granted as suggested in this question . In order to do so I need to understand what information is present on the profile and accessToken returned by the keycloak server, so Im trying to log this information to the console but am not seeing anything when viewing the log.

Im running node-red version 2.1.4 using the nodered/node-red docker image, and viewing the logs using docker logs container_name

What is the correct way to log info in this context, and where should I be looking to see the log output?

Thanks in advance for any help.

adminAuth: {
        type: "strategy",
        strategy: {
            name: "Keycloak",
            label: 'Sign in',
            icon: "",
            strategy: require("@exlinc/keycloak-passport"),
            options: {
                host: "https://mykeycloak",
                realm: "myrealm",
                clientID: "nodered",
                clientSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
                callbackURL: "https://mynodered/auth/strategy/callback",
                authorizationURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/auth",
                tokenURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/token",
                userInfoURL: "https://mykeycloak/auth/realms/myrealm/protocol/openid-connect/userinfo"
            },
            verify: function (accessToken, refreshToken, profile, done) {
            	console.log("Test logging");	// not working or not sure where output is logged to
            	console.log(profile);			// not working or not sure where output is logged to
                done(null, profile);
            }
        },
        users: [
            { username: "user1@example.com", permissions: ["*"] },
            { username: "user2@example.com", permissions: ["*"] }
        ]
    },

trf · 13 April 2022 13:07

To add a little more detail, I've enable logging at the debug level in settings.js, and when viewing the logs I see:

TotallyInformation · 13 April 2022 13:20

Is that verify function running under node-red though or under the keycloak server? Maybe check the keycloak logs if it has any. (I've not used it).

trf · 13 April 2022 15:55

@TotallyInformation thanks for the reply, I have had a look at the logs on keycloaks side, nothing there unfortunately. I think the verify function is running on node-reds side because I think it is part of the either node-red authentication or passportjs strategy implementation.

TotallyInformation · 13 April 2022 19:08

Can you see Node-RED making the call to Keycloak in its logs? If not, I'm guessing it isn't even getting that far.

I've not had time to play with Keycloak yet. It is on my list of things to do but I'll be using it with NGINX most likely as I'll want to know how to secure all endpoints not just Node-RED admin. Ultimately, I want to do a write-up on how to use it with uibuilder.

trf · 13 April 2022 19:47

Yeah Im sure Node-RED is making the call to Keycloak, the authentication works fine, Im redirected to Keycloak, login, redirected back, and and logged into Node-RED. Im looking now to assign permissions to the user based on role info from keycloak.

TotallyInformation · 13 April 2022 19:51

Sorry, beyond me then. You could try simply throwing an error at the start of the function. At least that would tell you whether it was even being called but I suspect it isn't.

trf · 13 April 2022 20:14

Ah yeah thanks, thats a good idea, that should come out somewhere.I'll give that a go.

knolleary · 13 April 2022 21:46

A console.log inside the verify function will get written to the standard output of the Node-RED process. So wherever you are saving that output will contain anything you're logging that way.

trf · 14 April 2022 06:57

Thank you all for the help, after understanding that the logging was correct and should be showing I realised the verify function wasnt being called, which was because I had it as a property of adminAuth.strategy (which I had seen a few time for example in this question) instead of a property of adminAuth.strategy.options. After moving it to the correct place the function is called and the profile object logged.

system · 28 April 2022 06:58

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with adminAuth config for OpenID based authentication General	8	3910	2 July 2020
adminAuth config for OpenID based Authentication on Keycloak General	3	1497	17 April 2021
Nodered API authentication using keycloak auth General security	4	487	14 January 2023
OAuth/OpenID logout with Keycloak General security	9	1186	6 April 2022
OAuth/OpenID login with Keycloak General security	4	2925	8 December 2021

How to log information in adminAuth's verify function

Related Topics