Quarkus Web应用程序无法通过JWT和Keycloak授权

时间:2019-11-08 10:00:29

标签: oauth-2.0 keycloak quarkus

我正在尝试使用Keycloak中的代码授予流向Quarkus应用程序授权用户。 这是Quarkus配置

# OIDC Configuration
quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/quarkus
quarkus.oidc.client-id=web-application
quarkus.oidc.credentials.secret=ca21b304-XXX-XXX-XXX-51d38ef5da02
quarkus.oidc.application-type=web-app
quarkus.oidc.authentication.scopes=email

“ Web应用程序”的客户端配置仅启用了标准流程(用于代码授权流程)

web app configuration

  • 我访问了http://localhost:8080/
  • 我被重定向到Keycloak(URL scope=openid+email&response_type=code&client_id=web-application看起来不错
  • 我使用示例用户帐户登录
  • 我将代码重定向回了
  • 然后我在Quarkus中遇到异常
Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 401 / Unauthorized / Response from server: {"error":"unauthorized_client","error_description":"Client not enabled to retrieve service account"}
    at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:95)
    at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
    at org.keycloak.authorization.client.util.TokenCallable.obtainAccessToken(TokenCallable.java:121)
    at org.keycloak.authorization.client.util.TokenCallable.call(TokenCallable.java:57)
    at org.keycloak.authorization.client.resource.ProtectedResource.createFindRequest(ProtectedResource.java:276)
    at org.keycloak.authorization.client.resource.ProtectedResource.access$300(ProtectedResource.java:38)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:205)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:202)
    at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:210)

Keycloak中的错误是:

09:58:25,420 WARN  [org.keycloak.events] (default task-30) type=CLIENT_LOGIN_ERROR, realmId=quarkus, clientId=web-application, userId=null, ipAddress=172.17.0.1, error=invalid_client, grant_type=client_credentials, client_auth_method=client-secret

问题: 为什么Quarkus尝试使用“ grant_type = client_credentials”?它应该使用授权类型=“ authorization_code”。这看起来像是Quarkus中的错误,但也许有一个标记。

2 个答案:

答案 0 :(得分:0)

您可以尝试:

SELECT * FROM (
    SELECT a.securityID, username, a.dateOn, 
    (SELECT SUM(pricePaid*qty) as total FROM auctions_cart c INNER JOIN auctions_orders o ON o.orderID=c.orderID WHERE o.securityID=a.securityID AND c.status='closed' AND o.dateOn between '11/1/2019 00:01:00.00' AND '11/30/2019 23:59:59.999' AND o.dateOn>='7/2/2013 9:16:15 AM') as aTotal, 
    (SELECT SUM(price*qty) as total FROM donations_cart WHERE securityID=a.securityID AND dateOn between '11/1/2019 00:01:00.00' AND '11/30/2019 23:59:59.999' AND dateOn>='7/2/2013 9:16:15 AM' AND rDenied<>'True') as dTotal, 
    (SELECT SUM(price*qty) as total FROM events_cart WHERE securityID=a.securityID AND dateOn between '11/1/2019 00:01:00.00' AND '11/30/2019 23:59:59.999' AND dateOn>='7/2/2013 9:16:15 AM') as eTotal, 
    (SELECT SUM(price*qty) as total FROM registrations_cart WHERE securityID=a.securityID AND dateOn between '11/1/2019 00:01:00.00' AND '11/30/2019 23:59:59.999' AND dateOn>='7/2/2013 9:16:15 AM') as rTotal
    FROM authorizeNet a 
    INNER JOIN security s ON s.securityID=a.securityID 
    ) B       
WHERE (a.dateOn is not null) AND (aTotal>0 OR eTotal>0 OR rTotal>0 or dTotal>0)

代替:

quarkus.oidc.client-type=web-app

来源:https://quarkus.io/guides/security-openid-connect-web-authentication

答案 1 :(得分:0)

“已启用服务帐户”已关闭。启用它应该可以解决问题。

相关问题
最新问题