Unable to authorize applications with keycloak via oauth2 proxy using Bearer token


I am trying to integrate Keycloak with the Kubernetes applications using oauth2-proxy. The use case is to authorize applications and API calls using Keycloak with browser login/Bearer token. I have an example application, oauth2-proxy and Keycloak running in the same namespace of a Kubernetes cluster. All three applications are behind nginx-ingress.

Currently I am able to authorize the application using the Keycloak browser login, but I am facing an issue when authenticating using a curl request or with Postman.

Expected behaviour: it should authorize the request using the bearer token and give me the output from the example app.

Microservice Endpoints:

  • keycloak: keycloak.microservices.com
  • example-app: app.microservices.com/demo-service
  • oauth2 proxy: app.microservices.com/oauth2

What I tried:

  • Tried making a curl request using -H "Authorization Bearer TOKEN". It returns a 302 redirect error.
  • Tried making the request from Postman, but it returns 200 OK with the HTML of the Keycloak sign-in page.
  • I tried changing the config in the oauth2 config.

Current oauth2-proxy configmap arguments:

oauth2-proxy.cfg: |-
    provider="keycloak"
    provider_display_name="Keycloak"
    login_url="https://<DOMAIN>/realms/test/protocol/openid-connect/auth"
    redeem_url="https://<DOMAIN>/realms/test/protocol/openid-connect/token"
    validate_url="https://<DOMAIN>/realms/test/protocol/openid-connect/userinfo"
    profile_url="https://<DOMAIN>/realms/test/protocol/openid-connect/userinfo"
    skip_jwt_bearer_tokens="true"
    pass_authorization_header="true"
    pass_access_token="true"
    pass_user_headers="true"
    pass_basic_auth="true"
    set_authorization_header="true"
    set_xauthrequest="true"
    cookie_refresh="1m"
    cookie_expire="30m"
    request_logging="true"
    auth_logging="true"
    standard_logging="true"
    client_id="CLIENT_ID"
    client_secret="xyz"
    cookie_secret="xyz"
    cookie_secure="true"
    # Upstream config
    http_address="0.0.0.0:4180"
    upstreams="file:///dev/null"
    email_domains=["*"]
    oidc_issuer_url="https://<DOMAIN>/realms/nginx-plus"
    cookie_domains=["*"]
    scope="openid"
    whitelist_domains=["*"]

Error:

Error retrieving session from token in Authorization header: [unable to verify bearer token, not implemented] 

Example-app ingress annotations:

nginx.ingress.kubernetes.io/auth-signin: http://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: http://oauth-proxy.keycloak.svc.cluster.local:4180/oauth2/auth
nginx.ingress.kubernetes.io/auth-response-headers: "x-auth-request-user, x-auth-request-email"

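Added example (Go; not code from the question or from oauth2-proxy): the checks a verifying proxy has to perform on an `Authorization: Bearer` token before it lets a request through, which is what the log line `unable to verify bearer token, not implemented` says the proxy could not do here. It pins the signing algorithm, selects the key by `kid` from a cached key set, verifies the RS256 signature, then compares issuer, audience and expiry. To run offline it mints the token itself with a freshly generated RSA key; the issuer URL, the key id `k1` and the client id `CLIENT_ID` are constructed placeholders, and `aud` is simplified to a single string (Keycloak may also emit it as an array). The issuer comparison is exact: a token minted under one realm fails against a configured issuer naming a different realm, which is worth keeping in mind given that the posted config names realm `test` in `login_url` and realm `nginx-plus` in `oidc_issuer_url`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// KeySet maps a JWKS "kid" to its RSA public key, as a verifier caches it after fetching jwks_uri.
type KeySet map[string]*rsa.PublicKey

// Claims are the registered claims checked here; real tokens carry many more.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"` // simplified: Keycloak may also emit aud as a JSON array
	Exp int64  `json:"exp"`
}

var enc = base64.RawURLEncoding

func decodeSegment(seg string, v any) error {
	raw, err := enc.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// MintToken signs an RS256 JWT; it stands in for Keycloak's token endpoint (constructed test data).
func MintToken(key *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// PublicKeySet exposes the public half of key under kid, as the issuer's JWKS would.
func PublicKeySet(key *rsa.PrivateKey, kid string) KeySet {
	return KeySet{kid: &key.PublicKey}
}

// VerifyBearer does what a gateway must do before trusting a bearer token: pin the
// algorithm, pick the key by kid, check the signature, then issuer, audience and expiry.
func VerifyBearer(token string, keys KeySet, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := decodeSegment(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // the token must not get to choose a weaker algorithm
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, ok := keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("no signing key with kid %q", hdr.Kid)
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c Claims
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != wantIss:
		return nil, fmt.Errorf("issuer %q is not the configured issuer %q", c.Iss, wantIss)
	case c.Aud != wantAud:
		return nil, fmt.Errorf("audience %q is not this client %q", c.Aud, wantAud)
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, fmt.Errorf("token expired")
	}
	return &c, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	iss := "https://keycloak.example.test/realms/test" // constructed issuer, not the poster's domain
	tok, _ := MintToken(key, "k1", Claims{Iss: iss, Aud: "CLIENT_ID", Exp: time.Now().Add(time.Minute).Unix()})
	keys := PublicKeySet(key, "k1")
	fmt.Println(VerifyBearer(tok, keys, iss, "CLIENT_ID", time.Now()))                // accepted
	fmt.Println(VerifyBearer(tok, keys, iss+"-other-realm", "CLIENT_ID", time.Now())) // issuer mismatch
}
```

Every failure path returns an error rather than falling through, which is the behaviour an ingress auth-url backend needs: on error the proxy answers 401 and nginx redirects to `auth-signin`, which is exactly the 302 seen in the question when the bearer token is not accepted.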