Discussion on: Keycloak Express Openid-client

View post

Hey, Austin! Thank you so much for your article, I was able to make it work locally with it! :D

However, I'm facing some issues to run my application on docker. When I try to run both Keycloak and the application on containers, I receive the following error:

Error: connect ECONNREFUSED 127.0.0.1:8080
users-app  |     at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1195:16) {
users-app  |   errno: -111,
users-app  |   code: 'ECONNREFUSED',
users-app  |   syscall: 'connect',
users-app  |   address: '127.0.0.1',
users-app  |   port: 8080
users-app  | }

I'm running keycloak through docker-compose on port 8080 and using http://localhost:8080/auth/realms/my-realm/.well-known/openid-configuration on Issuer.discover. When trying to access this link through the browser, it works normally.

Do you have some hint on what may be causing it? I tried to tie a bridge network between keycloak container and nodejs container and it did not work also.

Tatiana Vitorello • May 23 '22

Also, here's how I configured my apps on docker-compose.yml:

Network:

networks:
  app-tier:
    driver: bridge

Keycloak:

keycloak:
    container_name: keycloak
    image: jboss/keycloak:latest
    restart: always
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: postgres
      DB_USER: postgres
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      JDBC_PARAMS: "useSSL=false"
    ports:
      - 8080:8080
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - app-tier

And Node app:

users-app:
    container_name: users-app
    build: 
      context: .
      dockerfile: ./server/users/Dockerfile
    restart: always
    ports:
      - 8880:8880
    environment:
      - DOPPLER_TOKEN
    networks:
      - app-tier

Austin Cunningham • May 24 '22 • Edited

Thanks for taking the time to try this out in a docker container. So the issue is this line github.com/austincunningham/keyclo... where the localhost is the localhost inside the container and has no visibility on the global localhost (if that makes sense). Some solutions here how-to-connect-to-localhost-within... , I tried

ip addr show docker0

to get the ip address and use that instead of localhost in the code and rebuilt the container

const keycloakIssuer = await Issuer.discover('http://172.17.0.1:8080/realms/keycloak-express')

Looks to be working

docker run -p 3000:3000 quay.io/austincunningham/keycloak-express-openid-client:latest
Discovered issuer http://172.17.0.1:8080/realms/keycloak-express {
  claim_types_supported: [ 'normal' ],
  claims_parameter_supported: true,
  grant_types_supported: [
    'authorization_code',
    'implicit',
    'refresh_token',
    'password',
    'client_credentials',
    'urn:ietf:params:oauth:grant-type:device_code',
    'urn:openid:params:grant-type:ciba'
  ],...

Austin Cunningham • May 25 '22

There has to be a better way to get the docker0 ip address. This will get it

ifconfig | awk '/docker0/{getline; print}' | awk '{ print $2 }'

You can then create an environment variable

export DOCKERHOST=$(ifconfig | awk '/docker0/{getline; print}' | awk '{ print $2 }')

Change the issuer to use the environment variable

const keycloakIssuer = await Issuer.discover("http://"+ process.env.DOCKERHOST +":8080/realms/keycloak-express")

Can pass it in on docker run

docker run -p 3000:3000 -e DOCKERHOST=$DOCKERHOST quay.io/austincunningham/keycloak-express-openid-client:latest

For docker compose you can use a env file to pass in environment variables

Tatiana Vitorello • Jul 5 '22

Hey, Austin! Sorry for taking so long to reply, but I wanted to thank you for your help! It really helped me and worked like a charm! :)