Reputation: 33
Hi, I am trying to set up authentication using Keycloak and Krakend. I can send my request and log in, but when I try to access the resource (using Insomnia) I get:
403 Forbidden: No body returned for response.
I don't know why this is its behaviour, please help!
This is my Krakend.json configuration file:
{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "timeout": "10s",
  "name": "APIGateway",
  "port": 8402,
  "extra_config": {
    "security/cors": {
      "allow_origins": [
        "*"
      ],
      "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE",
        "HEAD"
      ],
      "expose_headers": [
        "Content-Length",
        "Content-Type",
        "Authorization"
      ],
      "allow_headers": [
        "*"
      ],
      "allow_credentials": true,
      "debug": true
    }
  },
  "endpoints": [
    {
      "endpoint": "/go",
      "method": "GET",
      "output_encoding": "no-op",
      "extra_config": {
        "auth/validator": {
          "alg": "RS256",
          "roles": [
            "user",
            "admin"
          ],
          "jwk_url": "http://192.168.3.10:8403/auth/realms/pippo/protocol/openid-connect/certs",
          "disable_jwk_security": true
        }
      },
      "backend": [
        {
          "url_pattern": "/api",
          "host": [
            "http://192.168.3.10:8080"
          ]
        }
      ]
    }
  ]
}
In Keycloak I created my realm, a user with credentials (using admin permissions) and a client. I think it's correct because my login with the access token works fine; after the login I get the 403.
Here's my service written in Go:
func JSONHandler(c *gin.Context) {
	c.JSON(http.StatusOK, gin.H{"ciao": "ciao"})
}

func Init() {
	router := gin.Default()
	router.Use(middlewares.CORS())
	router.GET("/api", JSONHandler)
	err := router.Run(":8080")
	if err != nil {
		log.Fatal("Oh no")
	}
}
Upvotes: 1
Views: 623
Reputation: 33
Modifying the field:
"$schema": "https://www.krakend.io/schema/v3.json"
to
"$schema": "https://www.krakend.io/schema/v2.4.3.json"
solved my problem!
Upvotes: 0
Reputation: 81
You can check roles and tokens. Ensure that the backend service (/api endpoint written in Go) does not have any additional authorization checks that could be causing the 403 Forbidden error. Since you are using middleware for CORS in your Go service, ensure that it is correctly configured to allow requests from Krakend.
Or maybe you can do this for debugging:
Check the response and headers manually:
curl -v -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" http://192.168.3.10:8402/go
And in the Krakend configuration, enable error_header and set the log level to debug:
"extra_config": {
  "auth/validator": {
    "alg": "RS256",
    "roles": ["user", "admin"],
    "jwk_url": "http://192.168.3.10:8403/auth/realms/pippo/protocol/openid-connect/certs",
    "disable_jwk_security": true,
    "error_headers": true,
    "error_log_level": "DEBUG"
  }
}
Upvotes: 1
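One way to carry out the "check roles and tokens" step from the answer above, as an added example (not code from the original posts or from KrakenD): it decodes a token's payload and tests whether the claim that the validator's `roles_key` option would point at holds one of the roles listed in the question's config. `tokenHasRole`, `sampleToken` and the token contents are constructed for illustration; it assumes Keycloak's usual `realm_access.roles` claim and that the validator reads a top-level `roles` claim when `roles_key` is not set.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenHasRole decodes the JWT payload WITHOUT verifying the signature (diagnosis only) and
// reports whether the array at the dotted claim path rolesKey holds one of the required roles.
func tokenHasRole(token, rolesKey string, required []string) (bool, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	var node interface{}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil || json.Unmarshal(raw, &node) != nil {
		return false, fmt.Errorf("payload is not base64url-encoded JSON")
	}
	for _, key := range strings.Split(rolesKey, ".") { // walk nested claims
		obj, isObj := node.(map[string]interface{})
		if !isObj || obj[key] == nil {
			return false, fmt.Errorf("claim %q not present in token", rolesKey)
		}
		node = obj[key]
	}
	list, _ := node.([]interface{}) // a non-array claim yields an empty list
	for _, have := range list {
		for _, want := range required {
			if s, isStr := have.(string); isStr && s == want {
				return true, nil
			}
		}
	}
	return false, nil
}

// Constructed, unsigned sample: empty header "{}", Keycloak-style payload, dummy signature.
var sampleToken = "e30." + base64.RawURLEncoding.EncodeToString(
	[]byte(`{"realm_access":{"roles":["user","offline_access"]}}`)) + ".sig"

func main() {
	for _, key := range []string{"roles", "realm_access.roles"} {
		ok, err := tokenHasRole(sampleToken, key, []string{"user", "admin"})
		fmt.Printf("roles_key=%-22q match=%v err=%v\n", key, ok, err)
	}
}
```

Paste a real access token in place of `sampleToken` to see which claim path actually carries the roles the gateway is asked to enforce.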