Closed kelfhk closed 7 months ago
Thanks for the report, but unfortunately due the amount of other reported issues and other priorities, Keycloak team does not have time to properly triage this bug. So preliminary added to Backlog for now. It will be helpful if:
Thanks for reporting this issue. However, after review this is not considered a valid issue, or has been recently resolved.
As the issue is not valid it will be automatically closed.
I've closed this as this issue is in fact "Out of date". Keycoak OIDC adapters are deprecated and likely will be removed and we're not going to add any further improvements to them. Please consider switch to Elytron OIDC adapter (if your application is on Wildfly application server) and open bug/rfe against it if you have further questions related to this.
Area
authentication
Describe the bug
I was trying to follow the same multitenancy setup as the official documentation, but with credentials in my keycloak.json file, but keycloak does not seem to authorize access token properly.
It appears to call the resolve function of my customized KeycloakConfigResolver multiple times. It does authorize the token at the first time it calls to resolve, but it then shows 'Failed to verify token' every time after that.
And at the end, it fails to verify my access token.
Version
18.0.2
Expected behavior
Without my customized KeycloakConfigResolver, it authorizes my access token successfully.
And even with the default implementation of KeycloakConfigResolver, KeycloakSpringBootConfigResolver(), it manages to authorize my access token successfully.
I was expecting the same behavior happened to my customized resolver.
Actual behavior
The complete log of the events is shown as below:
You can see the first authentication is success, then every after that returns Failed to verify token from o.k.a.BearerTokenRequestAuthenticator. But I am sure that the token was not expired by then.
How to Reproduce?
Here's my customized head-based keycloakconfigresolver
With the function to initialized the bean
And the keycloak json I added credentials into
A simple keycloak configuration with credentials and controller should be able to test it
Anything else?
No response