I am using docker to deploy an application with:
I have the following configuration:
```yaml
security:
  oauth2:
    resourceserver:
      jwt:
        issuer-uri: https://example.com/realms/petclinic
```
This works fine, however if I want to deploy the application using a self-signed SSL certificate, then the Spring Boot container can no longer connect to Keycloak through `https://`. I cannot control what certificates people will use with the application.
I cannot change the `issuer-uri` to the `http://` address, as then the tokens will fail validation when used by the end-user, since the Keycloak host remains `https://example.com/realms/petclinic`.
I was wondering if there was an option to allow the Spring Boot OAuth `resourceserver` to always connect and configure itself with Keycloak over the local docker `http://keycloak` address?
It seems the `issuer-uri` and `resourceserver` auto-configuration are coupled together, which I don't think was the case for the Keycloak Java adapter.
Using `issuer-uri` also adds an issuer validator to the JWT decoder.
You can use the `jwk-set-uri` instead (no issuer validation) or in addition to `issuer-uri` (when you want issuer validation but the OpenID config can't be fetched from the issuer URI).
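As an added illustration of the second option (not part of the answer above), the resource server configuration with both properties set. It assumes the Keycloak container is reachable inside the Docker network as `http://keycloak:8080` (a constructed hostname and port) and that the realm's key set is served at Keycloak's standard `/protocol/openid-connect/certs` path.

```yaml
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          # Public issuer: must match the `iss` claim in tokens issued to end-users
          # exactly, scheme and host included, or validation fails.
          issuer-uri: https://example.com/realms/petclinic
          # Internal address used only to fetch signing keys. Because this is
          # set, Spring Boot does not contact the issuer-uri for OpenID discovery,
          # so the self-signed TLS certificate on the public host is never hit.
          # Assumed container hostname/port and Keycloak's standard JWKS path.
          jwk-set-uri: http://keycloak:8080/realms/petclinic/protocol/openid-connect/certs
```

Leaving `issuer-uri` in place keeps the issuer check, so a token minted by a different realm or a different Keycloak host with a matching key id is still rejected; dropping it would remove that check entirely.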