401 Client Error: Unauthorized for url:


UI/Application - Python/Django (v2.2)
OpenID Connect - mozilla-django-oidc==1.2.4
Keycloak v12.0.4

My UI and Keycloak are both running in a Kubernetes cluster (v1.21.1), and communication is facilitated via a Kubernetes Service (LoadBalancer).


NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                           AGE
trolleye-commandcenter-ui-svc   LoadBalancer    <pending>     443:30901/TCP                                                                      3d8h                                                                17d
trolleye-keycloak-svc           LoadBalancer    <pending>     8080:32355/TCP,8443:30944/TCP                                                      15d


NAME                                         READY   STATUS    RESTARTS   AGE    IP               NODE           NOMINATED NODE   READINESS GATES
trolleye-commandcenter-ui-7594df9cb7-8dh2z   1/1     Running   0          127m   k8s- worker-1   <none>           <none>
trolleye-keycloak-75d57744df-9h5g5           1/1     Running   1          4d7h   k8s-worker-1   <none>           <none>

I’m able to log in and successfully perform MFA. But when I get redirected back to oidc/callback/ the Mozilla client fails with the following error:

401 Client Error: Unauthorized for url: https://trolleye-keycloak-svc:8443/auth/realms/trolleye/protocol/openid-connect/userinfo

Keycloak shows the following error:

21:05:01,826 WARN  [org.keycloak.events] (default task-18) type=USER_INFO_REQUEST_ERROR, realmId=trolleye, clientId=null, userId=null, ipAddress=, error=invalid_token, auth_method=validate_access_token

I’m not sure where to go from here, or what else I could do to troubleshoot this. Any help is greatly appreciated.

Thank you!
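
A troubleshooting check for the `invalid_token` error above, added here as an example and not part of the original post: it decodes the access token's claims without verifying the signature and reports whether `iss` matches the realm URL in front of the userinfo endpoint and whether `exp` has passed. The function names, the sample token and the hostname `keycloak.example.test` are constructed for illustration; only the userinfo URL comes from the post.

```python
import base64
import json
import time

USERINFO_SUFFIX = "/protocol/openid-connect/userinfo"


def decode_claims(jwt):
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt, userinfo_url, now=None):
    """List reasons the userinfo endpoint could answer invalid_token."""
    if not userinfo_url.endswith(USERINFO_SUFFIX):
        raise ValueError("unexpected userinfo URL shape")
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    expected_iss = userinfo_url[: -len(USERINFO_SUFFIX)]
    problems = []
    if claims.get("iss") != expected_iss:
        problems.append(
            "issuer mismatch: token iss=%r, endpoint realm=%r"
            % (claims.get("iss"), expected_iss)
        )
    if claims.get("exp") is None or claims["exp"] <= now:
        problems.append("token expired or has no exp claim")
    return problems


def make_sample_token(iss, exp):
    """Constructed, unsigned sample token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iss": iss, "exp": exp}), "constructed-signature"])


if __name__ == "__main__":
    url = ("https://trolleye-keycloak-svc:8443/auth/realms/trolleye"
           "/protocol/openid-connect/userinfo")
    # Constructed case: token issued under a different (hypothetical) hostname.
    token = make_sample_token(
        "https://keycloak.example.test/auth/realms/trolleye", exp=2000)
    for problem in check_token(token, url, now=1000):
        print(problem)
```

Keycloak checks the token's issuer against the realm URL it computes for the incoming request, so a token issued under one hostname and presented to the userinfo endpoint under another is one way to get this error; the check makes that comparison visible.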