I’m deploying a website using authentication via Keycloak. The frontend of the website is deployed on Google Cloud Run, and the Keycloak server is running in a container on a Google Compute Engine instance. The frontend is built using Nextjs and the authentication is configured via NextAuth.
When running the frontend server locally, I am able to connect to the Keycloak instance running in the Compute Engine and successfully go through the login process. However, in deployment, when I click on the login button (which calls the NextAuth ‘signOut’ function), it times out and redirects to a screen like this:
error screen
With the Cloud Run error log reading:
<code>DEFAULT 2024-07-11T21:13:09.616627Z https://next-auth.js.org/errors#signin_oauth_error outgoing request timed out after 3500ms {
DEFAULT 2024-07-11T21:13:09.616633Z error: {
DEFAULT 2024-07-11T21:13:09.616639Z message: 'outgoing request timed out after 3500ms',
DEFAULT 2024-07-11T21:13:09.616648Z stack: 'i: outgoing request timed out after 3500msn' +
DEFAULT 2024-07-11T21:13:09.616654Z ' at /app/.next/server/chunks/312.js:39:37437n' +
DEFAULT 2024-07-11T21:13:09.616659Z ' at async _.discover (/app/.next/server/chunks/312.js:39:42108)n' +
DEFAULT 2024-07-11T21:13:09.616665Z ' at async o (/app/.next/server/chunks/312.js:6:125880)n' +
DEFAULT 2024-07-11T21:13:09.616670Z ' at async s (/app/.next/server/chunks/312.js:6:118226)n' +
DEFAULT 2024-07-11T21:13:09.616675Z ' at async Object.s (/app/.next/server/chunks/312.js:30:8621)n' +
DEFAULT 2024-07-11T21:13:09.616680Z ' at async _ (/app/.next/server/chunks/312.js:6:103586)n' +
DEFAULT 2024-07-11T21:13:09.616685Z ' at async a (/app/.next/server/chunks/312.js:30:19579)n' +
DEFAULT 2024-07-11T21:13:09.616690Z ' at async e.length.t (/app/.next/server/chunks/312.js:30:20990)n' +
DEFAULT 2024-07-11T21:13:09.616695Z ' at async /app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:34666n' +
DEFAULT 2024-07-11T21:13:09.616701Z ' at async eS.execute (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:25813)',
DEFAULT 2024-07-11T21:13:09.616706Z name: 'i'
DEFAULT 2024-07-11T21:13:09.616710Z },
DEFAULT 2024-07-11T21:13:09.616715Z providerId: 'keycloak',
DEFAULT 2024-07-11T21:13:09.616721Z message: 'outgoing request timed out after 3500ms'
DEFAULT 2024-07-11T21:13:09.616726Z }
<code>DEFAULT 2024-07-11T21:13:09.616627Z https://next-auth.js.org/errors#signin_oauth_error outgoing request timed out after 3500ms {
DEFAULT 2024-07-11T21:13:09.616633Z error: {
DEFAULT 2024-07-11T21:13:09.616639Z message: 'outgoing request timed out after 3500ms',
DEFAULT 2024-07-11T21:13:09.616648Z stack: 'i: outgoing request timed out after 3500msn' +
DEFAULT 2024-07-11T21:13:09.616654Z ' at /app/.next/server/chunks/312.js:39:37437n' +
DEFAULT 2024-07-11T21:13:09.616659Z ' at async _.discover (/app/.next/server/chunks/312.js:39:42108)n' +
DEFAULT 2024-07-11T21:13:09.616665Z ' at async o (/app/.next/server/chunks/312.js:6:125880)n' +
DEFAULT 2024-07-11T21:13:09.616670Z ' at async s (/app/.next/server/chunks/312.js:6:118226)n' +
DEFAULT 2024-07-11T21:13:09.616675Z ' at async Object.s (/app/.next/server/chunks/312.js:30:8621)n' +
DEFAULT 2024-07-11T21:13:09.616680Z ' at async _ (/app/.next/server/chunks/312.js:6:103586)n' +
DEFAULT 2024-07-11T21:13:09.616685Z ' at async a (/app/.next/server/chunks/312.js:30:19579)n' +
DEFAULT 2024-07-11T21:13:09.616690Z ' at async e.length.t (/app/.next/server/chunks/312.js:30:20990)n' +
DEFAULT 2024-07-11T21:13:09.616695Z ' at async /app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:34666n' +
DEFAULT 2024-07-11T21:13:09.616701Z ' at async eS.execute (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:25813)',
DEFAULT 2024-07-11T21:13:09.616706Z name: 'i'
DEFAULT 2024-07-11T21:13:09.616710Z },
DEFAULT 2024-07-11T21:13:09.616715Z providerId: 'keycloak',
DEFAULT 2024-07-11T21:13:09.616721Z message: 'outgoing request timed out after 3500ms'
DEFAULT 2024-07-11T21:13:09.616726Z }
</code>
DEFAULT 2024-07-11T21:13:09.616627Z https://next-auth.js.org/errors#signin_oauth_error outgoing request timed out after 3500ms {
DEFAULT 2024-07-11T21:13:09.616633Z error: {
DEFAULT 2024-07-11T21:13:09.616639Z message: 'outgoing request timed out after 3500ms',
DEFAULT 2024-07-11T21:13:09.616648Z stack: 'i: outgoing request timed out after 3500msn' +
DEFAULT 2024-07-11T21:13:09.616654Z ' at /app/.next/server/chunks/312.js:39:37437n' +
DEFAULT 2024-07-11T21:13:09.616659Z ' at async _.discover (/app/.next/server/chunks/312.js:39:42108)n' +
DEFAULT 2024-07-11T21:13:09.616665Z ' at async o (/app/.next/server/chunks/312.js:6:125880)n' +
DEFAULT 2024-07-11T21:13:09.616670Z ' at async s (/app/.next/server/chunks/312.js:6:118226)n' +
DEFAULT 2024-07-11T21:13:09.616675Z ' at async Object.s (/app/.next/server/chunks/312.js:30:8621)n' +
DEFAULT 2024-07-11T21:13:09.616680Z ' at async _ (/app/.next/server/chunks/312.js:6:103586)n' +
DEFAULT 2024-07-11T21:13:09.616685Z ' at async a (/app/.next/server/chunks/312.js:30:19579)n' +
DEFAULT 2024-07-11T21:13:09.616690Z ' at async e.length.t (/app/.next/server/chunks/312.js:30:20990)n' +
DEFAULT 2024-07-11T21:13:09.616695Z ' at async /app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:34666n' +
DEFAULT 2024-07-11T21:13:09.616701Z ' at async eS.execute (/app/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:25813)',
DEFAULT 2024-07-11T21:13:09.616706Z name: 'i'
DEFAULT 2024-07-11T21:13:09.616710Z },
DEFAULT 2024-07-11T21:13:09.616715Z providerId: 'keycloak',
DEFAULT 2024-07-11T21:13:09.616721Z message: 'outgoing request timed out after 3500ms'
DEFAULT 2024-07-11T21:13:09.616726Z }
For reference, my NextAuth Keycloak provider options are set up like this:
clientId: process.env.KEYCLOAK_CLIENT_ID,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
issuer: process.env.KEYCLOAK_ISSUER,
scope: "openid email profile",
url: process.env.KEYCLOAK_AUTH_ENDPOINT,
name: profile.name ?? profile.preferred_username,
has_onboarded: profile.has_onboarded,
<code>providers: [
KeycloakProvider({
clientId: process.env.KEYCLOAK_CLIENT_ID,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
issuer: process.env.KEYCLOAK_ISSUER,
authorization: {
params: {
scope: "openid email profile",
},
url: process.env.KEYCLOAK_AUTH_ENDPOINT,
},
profile(profile) {
return {
id: profile.sub,
name: profile.name ?? profile.preferred_username,
has_onboarded: profile.has_onboarded,
email: profile.email,
};
},
}),
],
</code>
providers: [
KeycloakProvider({
clientId: process.env.KEYCLOAK_CLIENT_ID,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
issuer: process.env.KEYCLOAK_ISSUER,
authorization: {
params: {
scope: "openid email profile",
},
url: process.env.KEYCLOAK_AUTH_ENDPOINT,
},
profile(profile) {
return {
id: profile.sub,
name: profile.name ?? profile.preferred_username,
has_onboarded: profile.has_onboarded,
email: profile.email,
};
},
}),
],
And the environment variables are configured according to the documentation.
How do I get the login button working?
Based on other results online, I have tried:
- setting the timeout to 100 seconds
- deleting the defined “NEXTAUTH_URL” in the environment variables
- many permutations of the issuer environment variable
And nothing has worked so far. I suspect the issue revolves around Cloud Run communicating effectively with Compute Engine, although I have not been able to pinpoint the problem. Both instances are configured to accept traffic from anywhere.