Question
I am building a web app based on ReactJS, and during the build process it is running on http://localhost:3000. For security reasons, all backend and web apps are protected through Keycloak.
At the moment, Keycloak and the backend service account are running on the Kubernetes cluster, as you can see in the picture below:
The web app is also protected through Keycloak and it is running on http://localhost:3000. So, when I start the web app, it redirects me to the login page of Keycloak. After the successful login, it redirects back to the web app. Afterwards, the web app makes a request to the backend service https://account.dev.example.io and I receive the HTTP return code 403.
Do I receive the return code 403 because of the http protocol instead of https?
Or what am I doing wrong?
Update
Here is the overview of the request and response:
I forgot to mention that I have one more web app running on Kubernetes, and it also makes a request to the backend service account. This works like a charm.
Answer 1:
HTTP 403 means Forbidden / No access. It could be that your React client is not utilizing the access_token it gets from Keycloak.
You should check out Google's AppAuth-JS project, it can help with the auth flow not only in browsers but native applications
https://github.com/openid/AppAuth-JS
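One way to check the point this answer raises, as an added example that is not part of the original answer or of AppAuth-JS: build the Bearer header for the backend call and list which claims in the Keycloak access token could explain a rejection. It assumes the backend checks expiry, audience, a realm role and the request origin; the values `account`, `user` and the sample token are constructed for illustration.

```javascript
// Added example. Claim names (exp, aud, allowed-origins, realm_access.roles)
// are the ones Keycloak puts in access tokens; the expected audience, role
// and origin values passed in by the caller are assumptions.

const b64url = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build a sample token with a fake signature (constructed data, offline testing only).
function makeSampleToken(claims) {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  return [header, b64url(JSON.stringify(claims)), "constructed-signature"].join(".");
}

// Decode the payload WITHOUT verifying the signature: diagnostics only,
// never an authorization decision. The backend must verify the token itself.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Header that the request to the backend service must carry.
function buildAuthHeaders(token) {
  if (!token) throw new Error("no access token: the request would go out unauthenticated");
  return { Authorization: `Bearer ${token}` };
}

// List the reasons a resource server could reject this token.
function diagnoseToken(token, { origin, audience, requiredRole, now = Math.floor(Date.now() / 1000) }) {
  const c = decodeJwtPayload(token);
  const findings = [];
  const aud = [].concat(c.aud || []); // aud may be a string or an array
  const origins = c["allowed-origins"] || [];
  const roles = (c.realm_access && c.realm_access.roles) || [];
  if (typeof c.exp !== "number" || c.exp <= now) findings.push("token expired or has no exp");
  if (!aud.includes(audience)) findings.push(`aud ${JSON.stringify(aud)} lacks ${audience}`);
  if (!origins.includes("*") && !origins.includes(origin)) {
    findings.push(`origin ${origin} not in allowed-origins`);
  }
  if (!roles.includes(requiredRole)) findings.push(`realm role ${requiredRole} missing`);
  return findings;
}
```

Running `diagnoseToken` on the token from the localhost app and on the token from the app that works shows which claim differs between the two clients.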
Source: https://stackoverflow.com/questions/64711548/receive-403-forbidden-from-keycloak-on-localhost3000