Seems I've come across a problem I cannot solve using flask-oidc.
You need to make sure that you introspect the token using the same DNS hostname/port as the token issuer. Unfortunately that's a not widely documented "feature" of Keycloak.
The workaround is to add to the introspection request a header defining the Host: <address> of the issuer. There is no option to do this in flask-oidc.
This is defined in OpenID Connect documentation also:
https://openid.net/specs/openid-connect-basic-1_0.html
This could be done by adding a new config variable that is loaded in from Flask.
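The workaround described above, as an added example that is not part of the original post or of flask-oidc: an RFC 7662 introspection request sent with an overridden Host header. The issuer host, credentials, token and the mock endpoint (a stand-in for the behaviour the post attributes to Keycloak) are all constructed.

```python
import base64, json, threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urlsplit

ISSUER_HOST = "sso.example.com"  # constructed: host name the tokens were issued under

class MockIntrospection(BaseHTTPRequestHandler):
    """Constructed stand-in: token is 'active' only if Host matches the issuer host."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        active = self.headers.get("Host") == ISSUER_HOST
        body = json.dumps({"active": active}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def introspect(endpoint, token, client_id, client_secret, issuer_host=None):
    """RFC 7662 introspection POST; issuer_host, if given, replaces the Host header."""
    url = urlsplit(endpoint)
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {creds}"}
    if issuer_host:
        headers["Host"] = issuer_host  # http.client skips its own Host when one is supplied
    conn = HTTPConnection(url.hostname, url.port, timeout=5)
    try:
        conn.request("POST", url.path, urlencode({"token": token}), headers)
        return json.loads(conn.getresponse().read())
    finally:
        conn.close()

def demo():
    """Introspect via an internal address, without and with the Host override."""
    server = HTTPServer(("127.0.0.1", 0), MockIntrospection)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    endpoint = f"http://127.0.0.1:{server.server_port}/introspect"
    try:
        plain = introspect(endpoint, "constructed-token", "api", "secret")
        fixed = introspect(endpoint, "constructed-token", "api", "secret",
                           issuer_host=ISSUER_HOST)
    finally:
        server.shutdown()
        server.server_close()
    return plain["active"], fixed["active"]
```

In a real deployment the Host value would come from static configuration, not from the token being checked.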