-
Notifications
You must be signed in to change notification settings - Fork 4
Wrong response code when not logged in #52
Comments
The booster itself doesn't specify any codes, it is returning whatever keycloak is returning |
OK so should I report it to docs to change it, or can it be fixed in the booster? |
perhaps the docs. have you tried the other runtimes SSO booster, like vert.x or swarm. what are they returning. its been a while since i did those |
I tried a spingboot booster, which returns 401 - behaves correctly |
ok, i'll try it out. could be the keycloak-connect adapter? are you using curl or the web page to test ? |
I found this bug during manual testing though web page. But with curl there is same problem. |
And from my perspective, keycloak-connect adapter is good. |
seeing the same thing. i'll see if i can track down what is going on |
This is the code that is run the very first time a request comes in for the https://github.com/keycloak/keycloak-nodejs-connect/blob/master/index.js#L233 according to the comments "... or has failed to authenticate at all ..." makes it seem like the resulting 403 is ok here. i'll have to check with the keycloak team here |
I already create a pull request for it: |
It was a bug in keycloak-connect, filed the JIRA, https://issues.jboss.org/browse/KEYCLOAK-6810 |
@abstractj it appears this PR was closed but not merged. Any update on this? |
@lance the PR was closed because integration tests were failing and but unfortunately I didn't have enough time to fix them. |
If user invokes the greeting service and is not logged in, the service should return code 401 (Unauthenticated) instead it returns 403 (access denied).
The text was updated successfully, but these errors were encountered: