I’m trying to use the tokens generated by my Keycloak server in Tyk. The token is valid (checked in jwt.io) and I have added a mapper to set the (sub) claim value to the Tyk key id.
My problem is that Tyk keeps saying “Key not authorized”…
If I go into the “Log Browser” I can see the 403 errors and it looks like it cannot find the key (00000000).
I suspect that the problem can come from the KID header field, already used by Keycloak to store its own id (but the Tyk key is in the sub, anyway). It says that Tyk checks both, but I don’t know how it works if the kid is already used for other purposes. Does it consider sub as a fallback?
As I did not find a way to prevent Keycloak from adding its kid field, how can I make this work?