Keycloak with NGINX proxy server not authenticating rest api
Three years later, I have encountered the same problem. Maybe you have solved it, but I guess there are still many people who have encountered this problem like me. My solution is to use OpenResty. You will find many tutorials or code fragments for OpenResty. I won't talk more about it here.
I just put the access_token in the request header after the OpenResty authentication has passed, just like this:
```lua
-- OpenID Connect settings for lua-resty-openidc
local opts = {
  redirect_uri_path = "/redirect_uri",
  discovery = "https://a.b.c.d:8093/auth/realms/xxx/.well-known/openid-configuration",
  client_id = "client_id",
  client_secret = "client_secret",
  redirect_uri_scheme = "https",
  logout_path = "/logout",
  redirect_after_logout_uri = "https://a.b.c.d:8093/auth/realms/xxx/protocol/openid-connect/logout?redirect_uri=https://a.b.c.d:8093/",
  scope = "openid email",
  access_token_expires_leeway = 0,
  accept_none_alg = false,
  accept_unsupported_alg = false,
  renew_access_token_on_expiry = true,
  session_contents = { access_token = true, id_token = true }
}

-- Authenticate the request (redirects to Keycloak when there is no session)
local res, err = require("resty.openidc").authenticate(opts)
if err then
  ngx.status = 403
  ngx.say(err)
  ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- Pass the access token to the upstream service as a bearer token
ngx.req.set_header("Authorization", "Bearer " .. res.access_token)
```
In the nginx configuration file, I did this:
```nginx
location /auth/ {
    proxy_pass http://keycloak:8080/auth/;
    proxy_set_header Host $host:$server_port;
}

location / {
    access_by_lua_block {
        require("oidc/acc")()
    }
    try_files $uri $uri/ /index.html;
    index index.html;
}

location /api/ {
    access_by_lua_block {
        require("oidc/acc")()
    }
    proxy_set_header Host $host:$server_port;
    proxy_pass http://gateway:8881/api/;
}
```
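An added example, not part of the answer above: one way the `oidc/acc` module could be laid out so that `require("oidc/acc")()` works as called in the nginx configuration, with TLS verification of the Keycloak endpoints enabled and REST calls answered with 401 instead of a login redirect. It assumes the file is `oidc/acc.lua` on `lua_package_path` and a lua-resty-openidc version that supports the `"deny"` value for `unauth_action`; the hosts and client credentials are the answer's placeholders.

```lua
-- oidc/acc.lua: hypothetical module file, loaded by require("oidc/acc")()
local openidc = require("resty.openidc")

-- Subset of the answer's options; placeholder values, replace with real ones.
local opts = {
  redirect_uri_path = "/redirect_uri",
  discovery = "https://a.b.c.d:8093/auth/realms/xxx/.well-known/openid-configuration",
  client_id = "client_id",
  client_secret = "client_secret",
  redirect_uri_scheme = "https",
  scope = "openid email",
  accept_none_alg = false,
  accept_unsupported_alg = false,
  renew_access_token_on_expiry = true,
  session_contents = { access_token = true, id_token = true },
  -- Verify Keycloak's TLS certificate on discovery and token requests
  -- (the library default is "no"). Requires lua_ssl_trusted_certificate
  -- to be set in nginx.conf.
  ssl_verify = "yes",
}

-- The module returns a function because the nginx config calls the
-- result of require() directly.
return function()
  -- An API client cannot follow a browser login redirect, so requests
  -- under /api/ without a valid session are denied instead of redirected.
  local is_api = ngx.var.uri:sub(1, 5) == "/api/"
  local res, err = openidc.authenticate(opts, nil, is_api and "deny" or nil)

  if err or not res or not res.access_token then
    -- Keep the detailed error in the server log, not in the response body.
    ngx.log(ngx.ERR, "OIDC authentication failed: ", err or "no access token")
    ngx.status = is_api and ngx.HTTP_UNAUTHORIZED or ngx.HTTP_FORBIDDEN
    ngx.say("authentication required")
    return ngx.exit(ngx.status)
  end

  -- Overwrites any Authorization header the client sent, so the upstream
  -- only ever sees the token from the authenticated session.
  ngx.req.set_header("Authorization", "Bearer " .. res.access_token)
end
```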