I have 2 pods running in the same OpenShift namespace.
Currently my application.properties looks like this:
spring.security.oauth2.client.registration.keycloak.client-id=my-app
spring.security.oauth2.client.registration.keycloak.client-secret=
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.scope=openid
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://keycloak.my-namespace.svc.cluster.local:8080/realms/my-realm
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
However, when I go to my Spring Boot app, it redirects me to the internal OpenShift URL (= http://keycloak.my-namespace.svc.cluster.local:8080/realms/my-realm).
I've tried to add:
spring.security.oauth2.client.provider.keycloak.authorization-uri=https://keycloak-my-namespace.openshift.mydomain.com/realms/my-realm/protocol/openid-connect/auth
But this gives me a token exception after logging in.
You are using a client registration with authorization code => Spring uses this conf to build redirection URIs for your browser (which runs outside of your cluster) => you should use the cluster's public URI for your authorization server.
Keycloak should be configured with the external service name too (issuer claim, ...).
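The two failures in the question, checked offline, as an added example that is not part of the original post or of Spring or Keycloak. Spring Security compares the ID token's `iss` claim with the configured issuer; the function names, the finding codes and the assumption that Keycloak issues tokens with the public issuer after a login through the public URL are this example's own.

```python
from urllib.parse import urlsplit

# Hostname suffixes that only resolve inside the cluster (assumption of this example).
CLUSTER_ONLY_SUFFIXES = (".svc", ".svc.cluster.local")

# URLs taken from the question.
INTERNAL = "http://keycloak.my-namespace.svc.cluster.local:8080/realms/my-realm"
PUBLIC = "https://keycloak-my-namespace.openshift.mydomain.com/realms/my-realm"
AUTH_PATH = "/protocol/openid-connect/auth"


def is_cluster_internal(url):
    """True when the URL's host is a cluster-only service name."""
    host = urlsplit(url).hostname or ""
    return host.endswith(CLUSTER_ONLY_SUFFIXES)


def check_registration(issuer_uri, authorization_uri, id_token_iss=None):
    """Return finding codes for one client registration.

    issuer_uri        -- value of ...provider.keycloak.issuer-uri
    authorization_uri -- URL the browser is redirected to for login
    id_token_iss      -- 'iss' claim of the returned ID token, or None
                         when the login page was never reached
    """
    findings = []
    # The browser runs outside the cluster and cannot resolve service names.
    if is_cluster_internal(authorization_uri):
        findings.append("browser-redirect-unreachable")
    # The ID token is rejected when its issuer differs from the configured one.
    if id_token_iss is not None and id_token_iss != issuer_uri:
        findings.append("iss-mismatch")
    return findings


# Constructed scenarios: (issuer-uri, authorization URL, iss in ID token).
SCENARIOS = {
    "issuer-uri internal": (INTERNAL, INTERNAL + AUTH_PATH, None),
    "authorization-uri overridden only": (INTERNAL, PUBLIC + AUTH_PATH, PUBLIC),
    "issuer-uri public": (PUBLIC, PUBLIC + AUTH_PATH, PUBLIC),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(f"{name}: {check_registration(*args) or 'ok'}")
```

Only the last scenario, with `issuer-uri` set to the public URL, comes back clean.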