I have an issue with user login/access tokens being invalid, due to the issuer.
Related to this stevenmaguire/oauth2-keycloak/issues/43 but in my case, I don't have an issue with network topology, docker, etc., but with multiple domains pointing to the same Keycloak server.
Say, I have two domains pointing to Keycloak, and a single secured application. Depending on some circumstances I redirect users to either DomainA or DomainB pointing to same Keycloak.
The problem is that, because Keycloak sets the iss field and uses the URL that the user logged in, and because I can only set a single auth_server_url on the secured application, all tokens generated on DomainB ie. all users logging in there, will be denied access.
oauth2-keycloak will only accept tokens generated on DomainA ie. what's set for auth_server_url.
Is there a way to set multiple valid issuers or a set of valid auth_server_urls?
I have an issue with user login/access tokens being invalid, due to the issuer.
Related to this stevenmaguire/oauth2-keycloak/issues/43 but in my case, I don't have an issue with network topology, docker, etc., but with multiple domains pointing to the same Keycloak server.
Say, I have two domains pointing to Keycloak, and a single secured application. Depending on some circumstances I redirect users to either DomainA or DomainB pointing to same Keycloak.
The problem is that, because Keycloak sets the iss field and uses the URL that the user logged in, and because I can only set a single auth_server_url on the secured application, all tokens generated on DomainB ie. all users logging in there, will be denied access.
oauth2-keycloak will only accept tokens generated on DomainA ie. what's set for auth_server_url.
Is there a way to set multiple valid issuers or a set of valid auth_server_urls?
Any workarounds for this?