Search code examples
keycloakkongkong-pluginkonga

Passing Bearer token from kong to keycloak to be authenticated and then procceds to api call


I have set up keycloak-oidc on kong, and I have a protected API behind kong. I am able to call keycloak through kong because I added a filter /auth/*. Below is my oidc configuration for keycloak.

enter image description here

I configured my REALM and CLIENT_ID on keycloak as follows:

enter image description here

When I call the protected API with Bearer token acquired from keycloak, I am unable to reach the protcted API as Keycloak returns

{ "error": "invalid_request", "error_description": "Missing parameter: username" }

I have turned off the Standard Flow, yet I am unable to get authenticated by keyclaok and be passed on to the protected API.

Please what am I doing wrong?


Solution

  • First of all, I had to upgrade my kong-oidc from kong-oidc 1.0.1 to kong-oidc 1.1.0, then I simply just updated my introspection endpoint in the oidc plugin configuration as shown below, in the images I shared in the question above, the introspection endpoint field was not present and hence could not be set until after the upgrade

    enter image description here