Skip to content

Support Keycloak Quarkus distribution #1709

Open
@andreaTP

Description

@andreaTP

Description

Version: 0.48.0

rohas login command already works against new versions of Keycloak, but the token refresh fails because it injects /auth into the URL path (which is no anymore mandatory since Quarkus distribution).

For example, after running a login like:

rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli

We receive the error:

Could not find resource for full path: http://localhost:8083/auth/realms/demo-apicurio/protocol/openid-connect/token.

Steps to reproduce

  1. Install this apicurio infrastructure on local Kubernetes (e.g. minikube) https://github.com/bf2fc6cc711aee1a0c2a/srs-fleet-manager/tree/feat/hackathon/dist/k8s-dev#start-multitenant-apicurio-registry-infrastructure-for-kubernetes-dev-mode
  2. run login: rhoas login --api-gateway http://localhost:8081 --auth-url http://localhost:8083/realms/demo-apicurio --client-id apicurio-cli
  3. receive the error.

Expected vs actual behaviour

The CLI should respect the URL without injecting /auth.

Workaround

Is currently possible to workaround this issue by setting the retro-compatibility option:
KC_HTTP_RELATIVE_PATH: /auth

https://github.com/andreaTP/srs-fleet-manager/blob/b2fe84f373c33ff32f5ecf7b4f42b31fcc48b3fc/dist/k8s-dev/keycloak.yaml#L47-L48

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions