I’m having an issue with a secured microservice denying access and returning “Token invalid” because of the issuer.
I’ve checked out the motivation and resolutions of frontend-url and back-channel URL, and also all the setups with reverse proxies etc., but I still find myself without an easy solution.
My problem isn’t that I invoke different URLs from my frontend, or backend/internal cluster, but it is that I have two different domains pointing to the same Keycloak server.
Say I have a secured microservice and, depending on some circumstances, I redirect users to either domain A or B. Now, the secured microservice is configured with the A domain as auth server URL, causing all the tokens from B to be invalid, as the issuer is invalid.
Can I actually make use of the existing enhancements that touch on this, or can I find a workaround?
Can I set the issuer explicitly in my realm configuration, or set two auth server URLs on the client?
Any other ideas and workarounds for this setup?
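
The issuer mismatch described in the post, as an added example that is not part of the original question and is not Keycloak adapter code: a generic resource-server check that verifies the signature first and then compares `iss` by exact match against a configured set. The domain names, realm name, key and the HS256 signing are constructed stand-ins (Keycloak signs with the realm's asymmetric keys, RS256 by default).

```python
import base64, hashlib, hmac, json

# Constructed values for illustration; not taken from the post.
ISS_A = "https://auth-a.example/realms/demo"
ISS_B = "https://auth-b.example/realms/demo"
KEY = b"constructed-demo-key"  # stand-in for the realm signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(issuer: str, key: bytes = KEY) -> str:
    """Build a constructed HS256 token carrying the given iss claim."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"iss": issuer, "sub": "user-1"}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def validate(token: str, allowed_issuers: set, key: bytes = KEY) -> str:
    """Return 'ok' or the reason the token is rejected."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return "unsupported alg"
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        # Signature is checked before any claim is trusted.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return "bad signature"
        iss = json.loads(_unb64(payload)).get("iss")
    except (ValueError, TypeError, AttributeError):
        return "malformed token"
    # Exact string comparison: no prefix or host-suffix matching.
    if not isinstance(iss, str) or iss not in allowed_issuers:
        return "invalid issuer"
    return "ok"

if __name__ == "__main__":
    for iss in (ISS_A, ISS_B):
        tok = make_token(iss)
        print(iss, "| A only:", validate(tok, {ISS_A}),
              "| A and B:", validate(tok, {ISS_A, ISS_B}))
```

With only domain A configured, the token minted through domain B fails on `iss` even though its signature is valid, which is the "Token invalid" case in the question; with both issuers listed it passes, while any issuer outside the set is still rejected.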