REST API inside cluster local access

Greetings everyone,

I have a case on an environment where Keycloak is handling auth;
all comms are then reverse-proxied using Traefik, thus the Keycloak ports are bound to Traefik and served on a specific path named “auth”.

Then there are a Frontend container, a Backend container and various other containers forming the cluster. As the cluster is designed, at the frontend we use keycloak-js, which redirects all unauthenticated users to /auth; after a successful login it redirects the user, and we get access to the bearer and provide it with each further request to the Backend API.

Since Keycloak and Backend are on the same network, I was trying to have Keycloak validate the bearer internally by performing a GET request on
https://{keycloak-hostname}/realms/x/protocol/openid-connect/userinfo
with the header param: Authorization: Bearer {token}

All I get as response is:

{
  "statusCode": 401,
  "message": "connect ECONNREFUSED 172.18.0.12:443"
}

Assuming the IP is the local IP of the Keycloak container, I suppose the port is bound to Traefik and then you can later on access the rest when it goes over DNS.

Is there an alternative for this task? All we need is just to verify the bearer, but is that doable within an internal network, without having to go around the internet?

Best regards

Rather than being a Keycloak issue, this was more Docker-related.

Finally, what we ended up doing was use the --add-host param from Docker (see "Docker run reference" in the Docker Documentation):
we added a line to the hosts file pointing the desired domain to Traefik's local IP inside the cluster.

The requests resolve on the domain as if they were going through the internet.
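
The --add-host fix described above, as an added example that is not code from the original posts. The container, network, domain and image names are constructed placeholders. Traefik's address is looked up at start time and checked before use, because container IPs can change when containers are recreated.

```shell
#!/bin/sh
# Added example. All names below are constructed placeholders, not from the post.
TRAEFIK_CONTAINER="traefik"            # assumed Traefik container name
CLUSTER_NETWORK="cluster_net"          # assumed shared Docker network
KEYCLOAK_DOMAIN="sso.example.test"     # assumed public hostname routed by Traefik
BACKEND_IMAGE="backend-image:placeholder"

# Succeeds only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the "host:ip" value for --add-host, refusing malformed input so a
# failed lookup never writes a broken hosts entry.
add_host_entry() {
    is_ipv4 "$2" || { echo "not an IPv4 address: '$2'" >&2; return 1; }
    printf '%s:%s\n' "$1" "$2"
}

# Look up the address Traefik currently holds on the shared network.
traefik_ip() {
    docker inspect -f \
        "{{(index .NetworkSettings.Networks \"$CLUSTER_NETWORK\").IPAddress}}" \
        "$TRAEFIK_CONTAINER"
}

# Start the backend with the Keycloak hostname pinned to Traefik's internal IP.
start_backend() {
    entry=$(add_host_entry "$KEYCLOAK_DOMAIN" "$(traefik_ip)") || return 1
    docker run -d --name backend --network "$CLUSTER_NETWORK" \
        --add-host "$entry" "$BACKEND_IMAGE"
}

# Show what the hostname resolves to inside the backend container
# (getent must exist in the image).
check_resolution() {
    docker exec backend getent hosts "$KEYCLOAK_DOMAIN"
}
```

Run `start_backend` on the Docker host, then `check_resolution`. Because the backend still connects by the public hostname, TLS certificate verification is unchanged and only the network path differs.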