swaggerkeycloaknest

nest-keycloak-connect realmUrl missing first part of the url

I'm working on a nest.js API with Swagger and keycloak. Currently I'm trying to change the library I'm using from keycloak-connect (which is working to authenticate and authorize user) to nest-keycloak-connect. After adding some extra necesary info like the secret which is mandatory on this library but not on the other, after authenticating with swagger and keycloak, I'm still having an error when trying to access any controller after registering the AuthGuard globally on app.module, on call to protected controller endpoint I get "invalid token (wrong ISS)". It is strange that the url mismatch is pretty noticeable as is missing the whole initial part of the url as can be appreciaited on the image below

(debugging on keycloak-connect/middleware/auth-utils/grant-manager.js)

enter image description here

Keycloak config:

      keycloak: {
        'auth-server-url': 'http://192.168.0.35:9090',
        realm: 'my-realm',
        'ssl-required': 'external',
        // resource: 'my-api',
        resource: 'my-api',
        'confidential-port': '0',
        clientId: 'my-api',
        secret: 'secret',
      },

This is my controller I'm trying to access:

    @ApiTags('protected') 
    @ApiBearerAuth('oauth2') 
    @Controller('protected')
    export class ProtectedController {
      @Get()
      findAll() {
        console.log('protected')
        return 'This is a protected route'
      }
    }

and this is my swagger config

     SwaggerModule.setup('swagger', app, document, {
        swaggerOptions: {
          oauth2RedirectUrl: arcaneConfig.swaggerConfig.redirectUri,
          initOAuth: {
            usePkceWithAuthorizationCodeGrant: true,
            clientId: arcaneConfig.swaggerConfig.clientId,
            clientSecret: arcaneConfig.swaggerConfig.secret,
            realm: arcaneConfig.keycloak.realm,
            scopes: ['openid'],
          },
        },

Any help is appreciated.

Solution

  • So this was quite silly, the base library "keycloak-connect" uses 'auth-server-url' but the other "nest-keycloak-connect" uses camel case instead 'authServerUrl', what is really weird is that is not linting an error because the first one is also supported for some reason but is clearly not working, it may have been left there for legacy reasons but is not being used as far as I can tell.

    Just in case it helps anyone I was able to see the authServerUrl was empty on node_modules/keycloak-connect/keyclaok.js enter image description here