Keycloak / KEYCLOAK-6810

Node.js adapter - Wrong response code when not logged in

      Description

      Given this example application, https://github.com/bucharest-gold/nodejs-rest-http-secured , there is 1 endpoint, "/api/greeting"; it is protected with the basic keycloak-connect setup: https://github.com/bucharest-gold/nodejs-rest-http-secured/blob/master/app.js#L49

      If we run this locally with "npm start" and just curl that endpoint, "curl http://localhost:3000/api/greeting", it will return with a 403.

      There was an issue raised that it should be a 401: https://github.com/bucharest-gold/nodejs-rest-http-secured/issues/52

      The way this comment makes it sound, https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#L232 , is that the 403 is correct.

      If we look at the complementary vert.x and swarm examples, https://github.com/openshiftio-vertx-boosters/vertx-secured-http-booster and https://github.com/wildfly-swarm-openshiftio-boosters/wfswarm-rest-http-secured , a similar curl will result in a 401 when not logged in.
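
The 401-versus-403 distinction the report turns on, as an added example that is not part of the issue or of keycloak-connect: a dependency-free, Express-style denial handler that answers 401 with a `WWW-Authenticate` challenge when no identity was established and 403 only when an authenticated caller lacks permission. `denialFor`, `accessDenied`, `req.grant` and the realm name are hypothetical; the sample requests in the test are constructed.

```javascript
// Added example: helper names and req.grant are hypothetical, not adapter API.

// Decide how to reject a request that failed the protection check.
// `req.grant` stands in for the validated token grant that an adapter would
// attach after successful authentication (assumption: undefined when absent).
function denialFor(req, realm) {
  // Strip characters that could break out of the quoted realm or the header.
  const safeRealm = String(realm).replace(/["\\\r\n]/g, '');
  const auth = (req.headers && req.headers.authorization) || '';
  const hasBearer = /^Bearer\s+\S+/i.test(auth);

  if (req.grant) {
    // Identity is known, but the role or permission check failed.
    return { status: 403, headers: {}, body: 'Forbidden' };
  }

  // No identity established: RFC 7235 requires a challenge with every 401.
  const params = [`realm="${safeRealm}"`];
  if (hasBearer) {
    // A token was presented but did not validate (RFC 6750, section 3.1).
    params.push('error="invalid_token"');
  }
  return {
    status: 401,
    headers: { 'WWW-Authenticate': `Bearer ${params.join(', ')}` },
    body: 'Unauthorized',
  };
}

// Express-style (request, response) handler that applies the decision.
function accessDenied(req, res, realm = 'example-realm') {
  const denial = denialFor(req, realm);
  for (const [name, value] of Object.entries(denial.headers)) {
    res.setHeader(name, value);
  }
  res.statusCode = denial.status;
  res.end(denial.body);
  return denial.status;
}
```
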


                People

                • Assignee: Unassigned
                • Reporter: lucas.holmquist (Lucas Holmquist)