
keycloak-connect nodejs / meteor - Getting access denied at first login only and prod only


I have a Meteor/Node.js app that needs to connect to my client to authenticate. I set up a connection access point as such (I just anonymized the various values):

import Keycloak from "keycloak-connect";
import { WebApp } from "meteor/webapp";
import express from "express";
import session from "express-session";

const app = express();
const memoryStore = new session.MemoryStore();

app.use(
  session({
    secret: "secret",
    resave: false,
    saveUninitialized: true,
    store: memoryStore,
  })
);

const kcConfig = {
  clientId: "clientId",
  serverUrl: "realmUrl",
  realm: "clientName",
  realmPublicKey: "publicKey",
};

const keycloak = new Keycloak({ store: memoryStore }, kcConfig);
app.use(keycloak.middleware());

app.get("/connect", keycloak.protect(), (req, res) => {
  // doing my stuff here
  res.writeHead(301, {
    Location: "/connected",
  });
  res.end();
});

WebApp.connectHandlers.use(app);

The problem is:

  • When I run my server locally and go to the /connect link, I am redirected to the connection platform. I connect and I am sent back to my localhost:3000/connected => Everything works as intended
  • When I do exactly the same flow in the production environment, I get an access denied (blank page with only "access denied" written) after trying to log in for the first time. If I then manually go back to the /connect link, I am connected directly (I guess I got the token properly and could connect again)

I don't know why the behaviour is different in both environments and why I am getting an access denied page in prod.


Solution

  • As mentioned in comments I had an issue with my ROOT_URL, a trailing slash was left. Went better after removing it.
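
An added illustration of the fix above (not code from the original post or from keycloak-connect): a startup guard that rejects a ROOT_URL with a trailing slash, plus a check showing why the extra slash matters when a callback URL is derived from it. That the redirect URI is built by joining ROOT_URL and the route path is an assumption; checkRootUrl, buildRedirectUri and redirectUriMatches are hypothetical helpers and the URLs are constructed samples.

```javascript
// Added example; all helper names are hypothetical, all URLs are constructed.

// Naive join, as an app might do when deriving its callback URL from ROOT_URL
// (assumption: the page does not say how the URL is built).
function buildRedirectUri(rootUrl, path) {
  return rootUrl + path;
}

// OAuth 2.0 requires the redirect_uri sent with the token request to be
// identical to the one sent with the authorization request
// (RFC 6749, section 4.1.3), so the comparison is an exact string match.
function redirectUriMatches(sentAtLogin, sentAtTokenExchange) {
  return sentAtLogin === sentAtTokenExchange;
}

// Startup guard: returns a list of problems with ROOT_URL (empty list = OK).
function checkRootUrl(rootUrl) {
  let parsed;
  try {
    parsed = new URL(rootUrl);
  } catch (err) {
    return ["ROOT_URL is not an absolute URL"];
  }
  const problems = [];
  if (rootUrl.endsWith("/")) problems.push("trailing slash");
  if (parsed.search || parsed.hash) problems.push("query string or fragment");
  if (parsed.pathname.includes("//")) problems.push("empty path segment");
  return problems;
}

// Constructed sample values.
const goodRoot = "https://app.example.com";
const badRoot = "https://app.example.com/";

// The trailing slash produces a double slash in the derived callback URL,
// which no longer matches the URL built from the clean root.
const fromBadRoot = buildRedirectUri(badRoot, "/connect");
const fromGoodRoot = buildRedirectUri(goodRoot, "/connect");

console.log(fromBadRoot, "matches:", redirectUriMatches(fromBadRoot, fromGoodRoot));
console.log("good ROOT_URL problems:", checkRootUrl(goodRoot));
console.log("bad ROOT_URL problems:", checkRootUrl(badRoot));
```

Calling checkRootUrl(process.env.ROOT_URL) before the server starts listening, and exiting when the list is non-empty, turns this misconfiguration into a deploy-time failure instead of a first-login failure.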