Im trying to integrate keycloak with tyk, created realm,client and user on keycloak and im able to get a token normally (using openidconnect.net), but im having problems (and some questions) with configurations on tyk.
What i did on tyk:
Created an API (named Teste OpenId-KeyCloak) with OpenID Connect auth mode, issuer and policy.
I need to create a key to the policy i’ve created?
Keys’ expiration must be the same as the token (from KeyCloak)?
Problem:
Sometimes i get normal access to the api and sometimes I find the error “Key not authorised” and i dont know what makes it works and not works. Documentation and guides didn’t really helped me.
Thank you for reaching out and attaching the images to your inquiry.
I don’t have the answer at the moment for why you’re only sometimes receiving the “Key not authorised” error message. I’m going to try to recreate this on my end and will get back to you as soon as I find the answer for you.
Here are the the steps on the Tyk side for protecting your API with Keycloak.
Create API
Set Authentication mode: Open ID Connect
Create Policy with access Rights
Edit your API to include your keycloak realm in the ‘Add issuers’ section. You then need to create a a client ID (user) on Keycloak and then point it to your policy which we created in step number 3.
Which it appears you have done based on the images you provided. The only other thing I can think of would be something to do with the keycloak set up.
Here’s a video that goes into a bit more detail on both the Tyk side as well as the Keycloak side:
One thing to note is that the Dashboard versioning is different at the time of the video versus now, however the process will still be the same *
Please let me know if this video helps with your question!
I managed to make it work as expected, it must be some small detail that I ended up missing but when I configured again the procedure it worked. I didn’t find where to close the topic but it can be closed.
Im very happy to hear that! Thank you for letting me know. If you have any other questions in the future regarding Tyk please feel free to reach out at any time.