Open
Description
Description
Version: 0.48.0
rohas login
command already works against new versions of Keycloak, but the token refresh fails because it injects /auth
into the URL path (which is no anymore mandatory since Quarkus distribution).
For example, after running a login like:
rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli
We receive the error:
Could not find resource for full path: http://localhost:8083/auth/realms/demo-apicurio/protocol/openid-connect/token.
Steps to reproduce
- Install this apicurio infrastructure on local Kubernetes (e.g. minikube) https://github.com/bf2fc6cc711aee1a0c2a/srs-fleet-manager/tree/feat/hackathon/dist/k8s-dev#start-multitenant-apicurio-registry-infrastructure-for-kubernetes-dev-mode
- run login:
rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli
- receive the error.
Expected vs actual behaviour
The CLI should respect the URL without injecting /auth
.
Workaround
Is currently possible to workaround this issue by setting the retro-compatibility option:
KC_HTTP_RELATIVE_PATH: /auth