Hello everyone,
I am trying to set up Tyk gateway with Keycloak as OIDC provider. I have been following the documentation to create the realm and client in my keycloak.
I am hosting the tyk gateway at localhost:8080 and keycloak server at localhost:9000.
For keycloak, I am using “tyk-test” realm and “keycloak-jwt” as ID for the client.
These are my configurations for the tyk gateway:
./app/oidc-protected.json
{
"name": "OIDC",
"api_id": "3",
"org_id": "tyk-test",
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"use_extended_paths": true
}
}
},
"use_openid": true,
"openid_options": {
"providers": [
{
"issuer": "http://localhost:9000/auth/realms/tyk-test",
"client_ids": {
"a2V5Y2xvYWstand0": "admin"
}
}
],
"segregate_by_client": false
},
"proxy": {
"listen_path": "/get",
"target_url": "http://httpbin.org/",
"strip_listen_path": true
},
"active": true
}
The admin policy is as follows:
.policies/policies.json
{
"admin": {
"rate": 1000,
"per": 1,
"quota_max": 100,
"quota_renewal_rate": 60,
"access_rights": {
"3": {
"api_name": "OIDC",
"api_id": "3",
"versions": ["Default"]
}
},
"org_id": "tyk-test",
"hmac_enabled": false
}
}
I was able to genearate the jwt tokens similar to the documentation.
However, when I try to access the route /get (with the bearer token), I keep getting the error:
{
"error": "Key not authorised"
}
Here are the error-logs from my docker:
tyk-gateway | time="Jul 10 14:57:10" level=warning msg="JWT Invalid" api_id=3 api_name=OIDC error="Validation error. Validation error. No provider was registered with issuer: http://localhost:9000/realms/tyk-test" mw=OpenIDMW org_id=tyk-test origin=192.168.128.1 path=/get
tyk-gateway | time="Jul 10 14:57:10" level=warning msg="Attempted access with invalid key." api_id=3 api_name=OIDC key="****JWT]" mw=OpenIDMW org_id=tyk-test origin=192.168.128.1 path=/get
I tried searching around the forums for similar issues, but I haven’t found much help.
Could it be that my json configurations are not correct or missing something?
I have been stuck at this issuse for two days so any help is welcome.