Keycloak: invalid token issuer when running locally with Docker

Recently, I had to produce a docker compose file to share a demo of a React + Spring Boot app using Keycloak.

The setup is pretty straightforward

However, some Keycloak / OpenID specifics break this setup when the Spring Boot application tries to validate the token.

The URL the frontend application uses to reach Keycloak is different from the one the Spring Boot application uses to connect to it within the Docker network.

That leads to the following exception:

error="invalid_token", error_description="Invalid token issuer. Expected 'http://keycloak:8080/auth/realms/demo', but was 'http://localhost:8080/auth/realms/demo'"

To solve this issue, I had to add the following setting to the Keycloak proxy-url config of the Spring Boot application:

- keycloak.auth-server-url=http://localhost:8080/auth
- keycloak.proxy-url=http://keycloak:8080/auth
- keycloak.realm=demo
- keycloak.resource=demo-client
- keycloak.public-client=true
- keycloak.principal-attribute=preferred_username
- keycloak.use-resource-role-mappings=true
- keycloak.enabled=true
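
The issuer comparison behind that error can be reproduced offline to see why `http://keycloak:8080/auth` fails as `auth-server-url` and `http://localhost:8080/auth` passes. This is an added example, not code from the original post or from Keycloak: the helper names and the sample token are constructed, and the token's signature is deliberately not verified, so it is for diagnosis only.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expected_issuer(auth_server_url: str, realm: str) -> str:
    """Issuer built from auth-server-url and realm, in the form the error shows."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}"


def check_issuer(token: str, auth_server_url: str, realm: str) -> str:
    """Return 'ok', or a message shaped like the error quoted in the post."""
    expected = expected_issuer(auth_server_url, realm)
    actual = jwt_claims(token).get("iss")
    if actual == expected:
        return "ok"
    return f"Invalid token issuer. Expected '{expected}', but was '{actual}'"


# Constructed sample token: unsigned, with claims chosen to match the post's URLs.
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "none"}).encode()),
    b64url(json.dumps({"iss": "http://localhost:8080/auth/realms/demo",
                       "preferred_username": "demo-user"}).encode()),
    "",
])

if __name__ == "__main__":
    # Backend configured with the in-network hostname: issuer mismatch.
    print(check_issuer(SAMPLE_TOKEN, "http://keycloak:8080/auth", "demo"))
    # Backend configured with the URL the browser used: issuer matches.
    print(check_issuer(SAMPLE_TOKEN, "http://localhost:8080/auth", "demo"))
```

Running the same check against a real access token copied from the browser shows which `iss` value the backend has to be configured to expect.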