gocloak is broken for Keycloak v17.0 : need to remove /auth from the gocloak endpoint path

Question

gocloak is broken for Keycloak v17.0 : need to remove /auth from the gocloak endpoint path

ksingh7 opened this issue 3 years ago · 9 comments

Describe the bug
Upon hitting any of the API calls i am getting error

404 Not Found: RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/dev/protocol/openid-connect/token

To Reproduce
Steps to reproduce the behavior:

Keycloak Version 17.0.1
gocloak version 11.0.2
Hit the gocloak api (any method)

jwt, err := keycloakClient.Login(
		kCTX,
		kCreds.clientId,
		kCreds.clientSecret, kCreds.realm,
		kCreds.username, kCreds.password,
	)

FYI direct CURL on keyckoak works fine

Expected behavior
We should able to successfully authenticatae using gocloak method
Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. iOS] MacOS
Browser [e.g. chrome, safari] Chrome

Smartphone (please complete the following information):

Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Version [e.g. 22]

Additional context
Important : Starting 17.0+ version of Keycloak, there's a change in endpoints as per the official documentation, you need to omit /auth from the endpoint.
We need a mechanism in gocloak to omit \admin

Answer 1 · 2022-03-28T15:20:49.000Z

@Nerzal i would like to thank you for this wonderful Go Library. With this bug i wanted to bring it to your notice that gocloak endpoints are broken with latest version of keycloak (17.0). gocloak API uses an additional \auth in the route path that needs to be omited in order for it to work with keycloak v 17.0

Answer 2 · 2022-03-28T15:23:57.000Z

More Info https://keycloak.discourse.group/t/using-curl-or-postman-results-in-could-not-find-resource-for-full-path/13638

Answer 3 · 2022-04-04T19:59:22.000Z

Hi,

see #252 how to change the endpoint`s paths.

Fully example for Keycloak 17:

package main

import (
	"context"
	"crypto/tls"
	"fmt"

	gocloak "github.com/Nerzal/gocloak/v11"
)

var URL string = "https://127.0.0.1:8443"

func main() {

	realm := "master"
	clientID := "my-resource-server"
	clientSecret := "***"

	client := gocloak.NewClient(URL, gocloak.SetAuthAdminRealms("admin/realms"), gocloak.SetAuthRealms("realms"))
	restyClient := client.RestyClient()
	restyClient.SetDebug(true)
	restyClient.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
	ctx := context.Background()
	token, err := client.LoginClient(ctx, clientID, clientSecret, realm)
	if err != nil {
		panic("Login failed:" + err.Error())
	}
	fmt.Println(token)
}

Answer 4 · 2022-04-05T21:10:49.000Z

thanks @mbecker I can confirm this works.

Answer 5 · 2022-05-16T04:17:15.000Z

Hi,

I am using Keycloak 18 with lib v11.1.0. I have updated the options for the path change. The GetUserInfo works, but not the GetServerInfo : still 404. The source code shows hardcoded "auth" in makeURL call 😄

Answer 6 · 2022-06-01T07:19:21.000Z

I found this in the migrating to quarkus guide:

Default context path changed
By default, the new Quarkus distribution removes /auth from the context-path. To re-introduce the /auth use the http-relative-path build option. For example:

bin/kc.[sh|bat] start-dev --http-relative-path /auth

https://www.keycloak.org/migration/migrating-to-quarkus

Answer 7 · 2022-06-26T21:31:40.000Z

Thanks mbecker for share this solutions!

Answer 8 · 2022-07-27T14:25:21.000Z

We've created a ticket to address this problem at my workplace.
This will be resolved soon :)

Answer 9 · 2022-10-13T08:59:11.000Z

Heyho everyone, here is an update:

I managed to pack this into a Task in the new sprint at work.
Also lots of nice people contributed lots of new features <3 thank you everyone!

I'm using the time at work to merge and test on the dev branch and then pack a new big release within the next days