I have a Java application with the following configuration:
quarkus:
oidc:
auth-server-url: http://localhost:8080/auth/realms/ar-console
client-id: ${KEYCLOAK_CLIENT_ID}
credentials:
secret: ${KEYCLOAK_CLIENT_SECRET}
Keycloak and the Java application are running on the same host.
I’m taking token from this Keycloak using Postman but using its external address e.g. http://67.239.34.22:9000
When I tryaing to get to the resource with this token, i receive status 401 Unathorized.
I don’t know why since it’s the same Keycloak server!
I remember it worked on earlier versions of Keycloak, so i suspect that something must have changed at some point.
Can someone explain to me how it is verified whether the received token was generated by the appropriate Keycloak.