Bad discovery URL with KeyCloak Discovery URL

[chiafa-unigre]

Hello,
when I press "Authenticate" button the authentication response is "Bad discovery URL".
I'm using KeyCloak as OIDC provider and so I set in discovery field this url:
https://MYDOMAIN/realms/MYREALM/.well-known/openid-configuration
I've set Client ID and Secret created by Client in KeyCloak and set https://MYNODEREDDOMAIN/openid-credentials/auth/callback in the Redirect URIs of my KeyCloak Client.
Should be a compatibility issue? Or is it a my wrong? I've already used this Discovery URL in other projects and this works.
Thanks a lot for your time and your work!

[ncarlier]

Hello, you should have a more specific reason in the NodeRED logs. Can you check this ?

[chiafa-unigre]

I have only this row:
Discover error {"name":"RequestError","code":"ETIMEDOUT","host":"xx.yyyy.zz","hostname":"xx.yyyy.zz","method":"GET","path":"/realms/myrealm/.well-known/openid-configuration","protocol":"https:","url":"https://xx.yyyyy.zz/realms/myrealm/.well-known/openid-configuration"}

It's seems a timeout error calling the discovery url. But doing a curl call to the discovery url from the node red server I receive the response without any problem.

[ncarlier]

Can you try to access the Kecycloak discovery URL in NodeRed using the http request node?

[chiafa-unigre]

It works fine with http request node.

[ncarlier]

I've slightly updated the logs and dependencies. Can you try again?

[chiafa-unigre]

I've updated your package and now this is the error I see in node red logs:
unable to get issuer from discovery URL during authentication request: {"name":"RPError"}
Looking on google this error seems also related to a timeout issue.

[01/07/2024 update]
I guess the problem is also related to the reverse proxy I use to add ssl to KeyCloak. Using KC direct IP I receive different error:
unable to process authentication callback: {"params":{"code":"e2894e70-c0df-4420-bab2-56d713b7e649.263c4af9-c089-4734-99c6-bac0d63c0c95.1cca93e0-379f-49a5-9679-50e31d266b81"},"name":"RPError"}

Maybe these errors are related to my network achitecture. I need to investigate further. I'm really sorry if I wasted your time. Thanks again.

[ncarlier]

Don't be sorry! You don't waste my time :)
Maybe your Keycloak instance is not aware of your reverse proxy: https://www.keycloak.org/server/reverseproxy

[chiafa-unigre]

Thanks for your kindness! The Keycloak instance is well configured for reverse proxy. I use kc in production from almost three years with more than 15 web app client. I also use kc as login provider for Node Red whitout problem. I guess the issue with the openid node is something reletaed with reverse proxy but I don't understand what...