Keycloak : invalid token issuer when running locally with docker

Recently, I had to produce a docker compose file to share a demo of a React + Spring Boot app using Keycloak.

The setup is pretty straightforward

However, some Keycloak / OpenID Connect specifics make this setup fail when the Spring Boot application tries to validate the token.

The URL the frontend application uses to reach Keycloak is different from the one the Spring Boot application uses to connect to it within the Docker network :

That leads to the following exception :

error="invalid_token", error_description="Invalid token issuer. Expected 'http://keycloak:8080/auth/realms/demo', but was 'http://localhost:8080/auth/realms/demo'"

To solve this issue, I had to add the following setting to the keycloak proxy-url config of the spring boot application :

- keycloak.auth-server-url=http://localhost:8080/auth
- keycloak.proxy-url=http://keycloak:8080/auth
- keycloak.realm=demo
- keycloak.resource=demo-client
- keycloak.public-client=true
- keycloak.principal-attribute=preferred_username
- keycloak.use-resource-role-mappings=true
- keycloak.enabled=true
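
To see the mismatch outside the application, the check can be reproduced by hand. The script below is an added example, not code from this post or from Keycloak: it reads the `iss` claim from a token and compares it with the issuer built from `keycloak.auth-server-url` and `keycloak.realm`. The `<auth-server-url>/realms/<realm>` pattern is an assumption taken from the error message above, and the sample token and function names are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_issuer(jwt: str) -> str:
    """Return the `iss` claim WITHOUT verifying the signature.

    Diagnostics only: never base an authorization decision on this value.
    """
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def expected_issuer(auth_server_url: str, realm: str) -> str:
    # Assumption: the expected issuer is <auth-server-url>/realms/<realm>,
    # which is the shape shown in the error message on this page.
    return f"{auth_server_url.rstrip('/')}/realms/{realm}"


def check(jwt: str, auth_server_url: str, realm: str):
    """Return (matches, expected, actual) for the issuer comparison."""
    actual = token_issuer(jwt)
    expected = expected_issuer(auth_server_url, realm)
    return actual == expected, expected, actual


def make_sample_token(issuer: str) -> str:
    """Build a constructed, unsigned-in-practice token for the demo."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": issuer}).encode())
    return f"{header}.{payload}.{b64url(b'not-a-real-signature')}"


# Constructed sample: a token obtained by the browser through localhost:8080.
SAMPLE_TOKEN = make_sample_token("http://localhost:8080/auth/realms/demo")

if __name__ == "__main__":
    for url in ("http://keycloak:8080/auth", "http://localhost:8080/auth"):
        ok, expected, actual = check(SAMPLE_TOKEN, url, "demo")
        status = "OK" if ok else "MISMATCH"
        print(f"{status}: auth-server-url={url} expected={expected} actual={actual}")
```

Paste a real access token in place of `SAMPLE_TOKEN` to see which URL Keycloak stamped into it.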
