ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

Need support in resolving 401 Unauthorized Error for Multi Tenant JWT Auth with Resource Server #212

Closed saravanad closed 3 months ago

saravanad commented 3 months ago

Hi @ch4mpy,

My Spring Boot application is acting as a Resource Server. I am trying to validate JWT tokens from different Keycloak realms. I was following the last approach mentioned in this post: https://github.com/spring-projects/spring-security/issues/13808

When I try to use the access token from Postman, I am getting a 401 error. The server logs mention creating a session, which I guess shouldn't happen now, as it is not supposed to act as a BFF.


Could you please give me some pointers on where it could have gone wrong and how to debug this?

Thanks, Saravana

ch4mpy commented 3 months ago

This is an issue tracker, not a forum, and a request for assistance is not a bug.

An OAuth2 BFF is a client, not a resource server.

Requests to an OAuth2 BFF are authorized with session cookies, not Bearer tokens.
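
For reference, a stateless resource server that accepts Bearer tokens from several Keycloak realms can be configured with plain Spring Security as below. This is an added example, not code from either participant or from spring-addons; it assumes Spring Security 6.2 or later, and the class name and issuer URIs are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig { // hypothetical class name

    // Constructed placeholder issuers: replace with the realms this API trusts.
    // Each value must equal the "iss" claim of that realm's tokens exactly.
    private static final String[] TRUSTED_ISSUERS = {
        "https://keycloak.example.test/realms/tenant-a",
        "https://keycloak.example.test/realms/tenant-b"
    };

    @Bean
    SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception {
        // Selects the JWT decoder from the token's "iss" claim. A token whose
        // issuer is not in the allow-list is rejected with 401.
        JwtIssuerAuthenticationManagerResolver byIssuer =
            JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(TRUSTED_ISSUERS);

        http
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(byIssuer))
            // A resource server authorizes every request from its Bearer token,
            // so no HTTP session is created or consulted.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Without a session cookie there is no CSRF token to protect.
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated());

        // No oauth2Login() or oauth2Client() here: those configure an OAuth2
        // client such as a BFF, which authorizes requests with session cookies.
        return http.build();
    }
}
```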