Reputation: 1995
Apologies for my very wordy post. I'm using Keycloak, OpenID Connect, nginx, Docker and React in my application.
Keycloak is running on Docker at, for example, http://auth-server.com/auth.
When I bring up my frontend on localhost:3000, it redirects me to the log-in page (http://auth-server.com/auth/login.html). After I log in, I need to get the currently logged-in user from my back-end microservice, which requires a cookie with the session and an X-AUTH-USER header injected by Keycloak. I believe that because the frontend is running on localhost and Keycloak is on a different domain, the cookie and the HTTP header are not being injected into the subsequent requests.
How can I get keycloak to inject the cookie for every single subsequent request?
Upvotes: 0
Views: 3134
Reputation: 128837
This is not how OpenID Connect is supposed to be used. OpenID Connect is a protocol for federated authentication. Websites cannot set cookies for other websites - that would be a security issue.
OpenID Connect is designed to be RESTful, without the use of cookies and sessions. With OpenID Connect you use a self-contained JWT access token sent in the Authorization: Bearer <token> HTTP header.
With this design, it is much easier to create stateless backends that you easily can deploy on e.g. modern Kubernetes platforms and scale elastically or do rolling deployments without downtime.
If you still want to use cookies and sessions, you can have a service that creates those sessions on redirect from the OpenID authentication, once you have got the access token.
Upvotes: 1