Should have an option to do authentication using Keycloak
-
It would be highly beneficial to integrate Keycloak as an authentication option in NodeBB, as it aligns with the authentication system used by my primary website. This integration would enable seamless Single Sign-On (SSO) for users, eliminating the need to manage separate sign-ups for the main application and the forum. By leveraging Keycloak, which offers robust authentication and authorization features, the forum can inherit the security and scalability of the existing setup. This not only simplifies the user experience but also ensures consistency in user management across both platforms, enhancing overall efficiency and usability.
-
@AbhishekRH Have you tried the sso-oauth2-multiple plugin? It might be compatible with a Keycloak server.
-
Yes, I have tried the sso-oauth2-multiple plugin, and I am currently working on it. However, I am facing some issues. While the user credentials for login and registration are being stored in Keycloak, I am encountering the following errors:
Refresh Token Error:
2024-11-21 18:49:12,101 WARN [org.keycloak.events] (executor-thread-17) type="REFRESH_TOKEN_ERROR", realmId="REDACTED", realmName="REDACTED", clientId="REDACTED", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="invalid_token", reason="Token is not active", grant_type="refresh_token", client_auth_method="client-secret"
Login Error:
2024-11-21 18:49:40,492 WARN [org.keycloak.events] (executor-thread-18) type="LOGIN_ERROR", realmId="REDACTED", realmName="REDACTED", clientId="REDACTED", userId="REDACTED", ipAddress="0:0:0:0:0:0:0:1", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="http://localhost/REDACTED", code_id="REDACTED", username="REDACTED"
Also seeing the following errors in the console.
These errors seem to suggest issues with either the refresh token being inactive or invalid user credentials during login. Do you have any suggestions on resolving these?
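For triaging events like the two quoted in the post above, here is an added example (not part of the thread, and not NodeBB or Keycloak code) that parses `org.keycloak.events` lines into fields and counts failures by type, error and reason. The sample lines and the names `parse_event` and `summarize` are constructed for illustration, modelled on the line format shown in the post.

```python
import re
from collections import Counter

# Layout of the event lines quoted in the post:
#   <date> <time>,<ms> <LEVEL> [<logger>] (<thread>) key="value", key="value", ...
HEADER = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+'
    r'\[(?P<logger>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<body>.*)$'
)
FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Return header and key="value" fields as a dict, or None for non-event lines."""
    m = HEADER.match(line.strip())
    if not m or m.group("logger") != "org.keycloak.events":
        return None
    event = {"ts": m.group("ts"), "level": m.group("level"), "thread": m.group("thread")}
    # findall skips any text fused after the last quoted value
    event.update(FIELD.findall(m.group("body")))
    return event

def summarize(lines):
    """Count error events by (type, error, reason); reason is '-' when absent."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and "error" in ev:
            counts[(ev.get("type", "-"), ev["error"], ev.get("reason", "-"))] += 1
    return counts

# Constructed sample lines (realm, client and user names are made up)
SAMPLE = [
    '2024-11-21 18:49:12,101 WARN [org.keycloak.events] (executor-thread-17) '
    'type="REFRESH_TOKEN_ERROR", realmName="demo", clientId="forum", userId="null", '
    'error="invalid_token", reason="Token is not active", grant_type="refresh_token"Login Error:',
    '2024-11-21 18:49:40,492 WARN [org.keycloak.events] (executor-thread-18) '
    'type="LOGIN_ERROR", realmName="demo", clientId="forum", '
    'error="invalid_user_credentials", auth_method="openid-connect", username="alice"',
    '2024-11-21 18:50:02,007 WARN [org.keycloak.events] (executor-thread-19) '
    'type="REFRESH_TOKEN_ERROR", realmName="demo", clientId="forum", userId="null", '
    'error="invalid_token", reason="Token is not active", grant_type="refresh_token"',
    '2024-11-21 18:48:00,000 INFO [io.quarkus] (main) Keycloak started',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```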