NikiforovAll/keycloak-authorization-services-dotnet

KeycloakClient not working with relative urls

Opened this issue · 3 comments

I have my Keycloak service in a relative url behind a proxy ( e.g. https://localhost/identity/ )

Also i have configured the HttpClient used for KeycloakClient to use AuthServerUrl as base address:

services
    .AddHttpClient(BackendIdentityConstants.KeycloakAdminHttpClient,
        (sp, http) =>
        {
            var keycloakOptions = sp.GetRequiredService<IOptions<KeycloakAdminClientOptions>>();

            http.BaseAddress = new Uri(keycloakOptions.Value.AuthServerUrl);
        }
    )

But when I try to use the KeycloakClient.cs for creating a user the request uri converts to https://localhost/admin/myrealm/users instead of https://localhost/identity/admin/myrealm/users.

This is because the ApiUrls.AdminApiBase is "/admin" instead of "admin", this initial '/' overrides any relative url as it is said in the BaseAddress documentation:

Remarks

When sending a HttpRequestMessage with a relative Uri, the message Uri will be added to the BaseAddress property to create an absolute Uri.

Note that all characters after the right-most "/" in the base URI are excluded when combined with the message URI. See RFC 3986 Uniform Resource Identifier (URI) Generic Syntax specification.

For the time being I have fixed this by removing this initial '/' in ApiUrls.AdminApiBase in a copy of the ApiUrls class.

Maybe this could be fixed by removing that initial '/'?

Yeah, maybe we should consider removing the initial '/', unfortunately, I don't have time to fix it right. Would you like to contribute?

Yeah, maybe we should consider removing the initial '/', unfortunately, I don't have time to fix it right. Would you like to contribute?

Sure! It will be a pleasure

Also I have been extending the IKeycloakUserClient and IKeycloakRealmCustomClient adding more api calls, I don't know if that could be also interesting to propose in a PR

Sure, I would be happy to see a contribution from you.