I have a NestJS server application in a Docker container. I would like to secure the different endpoints of my API with Keycloak. I use JWT with Keycloak, but when I want to reach a secure endpoint it returns the error:
"WARN [Keycloak] Cannot validate access token: Error: Grant validation failed. Reason: invalid token (wrong ISS)"
I use the npm package “nest-keycloak-connect”.
I try to reach a secure endpoint with a frontend application built with Angular and secured by Keycloak too.
My configuration object is:
KeycloakConnectModule.register({
  authServerUrl:
    'http://localhost:8080/realms/Cop_saas/protocol/openid-connect/auth',
  realm: 'my_realm',
  clientId: 'nest-app',
  secret: 'xxxxxxxxxxxxxxxxx',
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE, // optional
  tokenValidation: TokenValidation.ONLINE,
})

{
  "exp": 1702050693,
  "iat": 1702050393,
  "auth_time": 1702050392,
  "jti": "8a1d65ad-7850-454d-9b29-c5f8a56242de",
  "iss": "http://localhost:8080/realms/Cop_saas",
  "aud": "account",
  "sub": "bfe25071-688e-45b4-bd72-40391f62f9ce",
  "typ": "Bearer",
  "azp": "KMO_Predict",
  "nonce": "53d2a0aa-dd32-47bb-8a50-38bffcdfc059",
  "session_state": "8bd773a0-70bb-4d5f-915a-764d3fdd30a8",
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "kmo-predict_admin",
      "offline_access",
      "cop_super-user",
      "default-roles-cop_saas",
      "uma_authorization",
      "cop_developer"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email profile",
  "sid": "8bd773a0-70bb-4d5f-915a-764d3fdd30a8",
  "email_verified": true,
  "name": "Grégoire Chevalier",
  "preferred_username": "g.chevalier",
  "given_name": "Grégoire",
  "family_name": "Chevalier",
  "email": "g.chevalier@cop-amaco.com"
}
Thank you for your time.
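
A diagnostic for the "wrong ISS" error above, added here as an example; it is not part of the original post and is not code from nest-keycloak-connect. It assumes the adapter derives the expected issuer as `authServerUrl + '/realms/' + realm` and requires an exact match with the token's `iss` claim; the function names and the sample token are constructed for illustration.

```javascript
// Values copied from the configuration posted above.
const postedConfig = {
  authServerUrl: 'http://localhost:8080/realms/Cop_saas/protocol/openid-connect/auth',
  realm: 'my_realm',
};

// Decode a JWT payload WITHOUT verifying the signature.
// Inspection only: never base an authorization decision on this.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Assumption: expected issuer = base URL (no trailing slash) + /realms/ + realm.
function expectedIssuer(config) {
  return config.authServerUrl.replace(/\/+$/, '') + '/realms/' + config.realm;
}

// Compare the token's iss with the configured issuer and explain any mismatch.
function diagnoseIssuer(jwt, config) {
  const { iss } = decodeJwtPayload(jwt);
  const expected = expectedIssuer(config);
  const findings = [];
  if (typeof iss !== 'string') {
    findings.push('token has no iss claim');
  } else if (iss !== expected) {
    if (/\/realms\//.test(config.authServerUrl)) {
      findings.push('authServerUrl already contains a /realms/ path; use the server base URL');
    }
    const realmInToken = (iss.match(/\/realms\/([^/]+)$/) || [])[1];
    if (realmInToken && realmInToken !== config.realm) {
      findings.push(`realm is "${config.realm}" but the token was issued by "${realmInToken}"`);
    }
    if (findings.length === 0) {
      findings.push('scheme, host or port differs between iss and authServerUrl');
    }
  }
  return { ok: iss === expected, iss, expected, findings };
}

// Constructed sample: an unsigned stand-in carrying only the claims under test.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

console.log(diagnoseIssuer(
  makeSampleToken({ iss: 'http://localhost:8080/realms/Cop_saas' }), postedConfig));
```

The last finding covers a containerised backend that reaches Keycloak under a different hostname than the browser does: the `iss` claim carries the URL the token was requested through, so both sides must agree on it.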