Hi Guys,
We are using Keycloak for IAM and have certain APIs registered with TYK which we want to guard using access tokens.
- I am getting the access token during login from Keycloak:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSRzJxVGUzckM3LUlLZG5hQmJ5Tmszb1Yzel9ZSzBreGxOM254c0R5WGw4In0.eyJqdGkiOiI1YjRiZGZlOC1iMDk0LTQ4ZTktYmM4NS04ZjFlMWRjMzEzOWQiLCJleHAiOjE1MzE3OTExODYsIm5iZiI6MCwiaWF0IjoxNTMxNzkwNTg2LCJpc3MiOiJodHRwczovL25leHQuc29maWNvLmNvbS5hdS9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJhdWQiOiJtaWxlcy13ZWItbW9iaWxpdHktbWFuYWdlciIsInN1YiI6ImY6MjA3OTE1NGMtYzFkZC00ZDE3LWFlMjUtZjgyNDFhZjFjZTlhOjI1MDEzMiIsInR5cCI6IkJlYXJlciIsImF6cCI6Im1pbGVzLXdlYi1tb2JpbGl0eS1tYW5hZ2VyIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNDc4YTg1MjMtZDBjYy00MDVmLWE5OTYtMTI2NTFhYzUyOTM2IiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlc291cmNlX2FjY2VzcyI6e30sIm1pbGVzLWZhYnJpYy1pZGVudGlmaWNhdGlvbiI6IjI1MDEzMiIsIm1pbGVzLWZhYnJpYy1jbGllbnQtdHlwZSI6ImV4dGVybmFsX2NsaWVudCJ9.JZDJI-hcqnGO1uzLWHTzN6V7l8Cipqga7dcWYJs7oFVThx0d_DbXap50oKcxtPEH3xVY7urQ8RWihVCruK4UabcqrHd4nxiXL9BfhnxLtUme5TeSshEXmGxr14H1JsoqLoPL4K9cgjChePKvKyZF_BVaE55m75W7Lb-d63-bduQuzcnGWLG9YS_x1a4TIaULwaNoZgadw-LGLemJ7r-UMs_YKRxWyChjpVVgm0DOVh7tdV1JucqLqfy_csaSPv1e2O529QM7_hw7vFkF10CsqaND-Bwk9AsPAGJaCLbBjcoe4oNlgHJ3hxGQCpT6P7d4vrEyO78m-5b6knCD0jdBng",
"expires_in": 600,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSRzJxVGUzckM3LUlLZG5hQmJ5Tmszb1Yzel9ZSzBreGxOM254c0R5WGw4In0.eyJqdGkiOiIzZGFiZTUwNS05ZmIwLTRmZWEtYjk0My0wNmNmNDdlMWE2MTgiLCJleHAiOjE1MzE3OTIzODYsIm5iZiI6MCwiaWF0IjoxNTMxNzkwNTg2LCJpc3MiOiJodHRwczovL25leHQuc29maWNvLmNvbS5hdS9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJhdWQiOiJtaWxlcy13ZWItbW9iaWxpdHktbWFuYWdlciIsInN1YiI6ImY6MjA3OTE1NGMtYzFkZC00ZDE3LWFlMjUtZjgyNDFhZjFjZTlhOjI1MDEzMiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJtaWxlcy13ZWItbW9iaWxpdHktbWFuYWdlciIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjQ3OGE4NTIzLWQwY2MtNDA1Zi1hOTk2LTEyNjUxYWM1MjkzNiIsInJlc291cmNlX2FjY2VzcyI6e319.Mc4lPXGgSzNALXDs5AFruj5Jj0Rj5acrL6CdzcLVo90tzW9GcIz2NnAydPU1IPcB8j9ZK3AVBnZsGfOfpyrRJGDueWOjSpVq8tdIDGSLXps2j8ks781-n7BEPVYlvsbKjERuZsTXNqskikuc8gr3wXrdG8kdgWZVQ_mT8c7lKsn7xoddcd1nwKFYVXBAx44LxSX-Htc_TWvjymWXS3CJrN0VXBecEHJAy-Ng0pLrq6JVJlba4ad65mrgzK3g2z4lmYAKOgkx_j5lLan0o-vwGtiuwNNjgqXYJiabPhdFfurh0zKoWYOP7FEgCJFrysrKbHiXnP7f5-ZEBfsnJpkeEA",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "478a8523-d0cc-405f-a996-12651ac52936"
}
- I use the access token from step 1) to access the API via TYK, which revalidates my token again from Keycloak, and this is where I am getting the JWT Invalid error:
time="Jul 16 09:28:07" level=warning msg="JWT Invalid: Validation error. Validation error. Failure while contacting the configuration endpoint
I have been using Postman for my testing so far.
I have uploaded the API gateway logs as well.
Any idea what I am missing?
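
Added example, not part of the original post and not Tyk or Keycloak code: a small decoder that reads (without verifying) the fields of a token like the one above that a validating gateway depends on. It assumes the "configuration endpoint" in the log line is the OpenID Connect discovery document under the token's `iss`; the function names and the sample token are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_token(token: str, now: int) -> dict:
    """Decode (without verifying) a JWT and list what a validating gateway depends on."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    issuer = claims.get("iss", "")
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),  # must match a key published by the issuer
        "typ": claims.get("typ"),  # "Bearer" for the access token, "Refresh" for the refresh token
        "iss": issuer,
        "aud": claims.get("aud"),
        "azp": claims.get("azp"),
        "expired": now >= claims.get("exp", 0),
        # Assumption: the "configuration endpoint" is the OIDC discovery document.
        "discovery_url": issuer.rstrip("/") + "/.well-known/openid-configuration",
    }


def make_sample_token() -> str:
    # Constructed sample, not the token from the post; the signature is a dummy.
    header = {"alg": "RS256", "typ": "JWT", "kid": "sample-key-id"}
    claims = {"iss": "https://idp.example.test/auth/realms/master",
              "aud": "sample-client", "azp": "sample-client", "typ": "Bearer",
              "iat": 1700000000, "exp": 1700000600}
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc(claims), b64url_encode(b"dummy-signature")])


if __name__ == "__main__":
    for field, value in inspect_token(make_sample_token(), now=1700000100).items():
        print(f"{field}: {value}")
```

Requesting the reported `discovery_url` from the gateway host itself shows whether the gateway can resolve, reach and trust the issuer over TLS, and the `iss`, `aud`/`azp` and `kid` values are what the gateway's API definition and the issuer's published keys have to agree with.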