Forin

Reputation: 1609

Keycloak - Didn't find publicKey for specified kid

I have an application divided into frontend and backend services. The frontend has public access, while the backend is confidential. When I'm trying to authorize to get a response from my backend, I'm getting the following error:

    cache-control: no-cache, no-store, max-age=0, must-revalidate
    content-length: 0
    date: Fri, 06 Dec 2019 09:16:16 GMT
    expires: 0
    pragma: no-cache
    vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
    www-authenticate: Bearer realm="my_realm", error="invalid_token", error_description="Didn't find publicKey for specified kid", Bearer realm="my_realm", error="invalid_token", error_description="Didn't find publicKey for specified kid"
    x-content-type-options: nosniff
    x-frame-options: DENY
    x-xss-protection: 1; mode=block

Here's my configuration for both services:

Backend:
    keycloak:
        auth-server-url: http://localhost:8081/auth
        realm: my_realm
        resource: your-client-id
        ssl-required: external
        credentials.secret: your-client-secret
Frontend:
    sso: {
        url: 'http://localhost:8081/auth',
        realm: 'my_realm',
        clientId: 'your-frontend-client'
    }

I'm using Keycloak 7.0.1 along with Spring Security.

Am I missing any additional config for allowing authorization from a public client?

Upvotes: 1

Views: 7117

Answers (1)

Subodh Joshi

Reputation: 13492

You have to check multiple things:

  1. You need to check that your client names are the same in your application and Keycloak.
  2. Sometimes the Keycloak URL may be incorrect; it should be http OR https://<IP ADDRESS>:PORT/auth
  3. Sometimes it's because of the certificate as well.
  4. Please check the version of Keycloak running and the client jars you are using.

https://medium.com/@siweheee/keycloak-a-real-scenario-from-development-to-production-ce57800e3ba9

Keycloak: missing realm public key

Keycloak invalid_token Didn't find publicKey for specified kid

If you are using a Docker environment:

Keycloak must be accessed from all clients by the same public address for security reasons. This also includes the GUI server. It is not possible to talk to Keycloak via a local IP address as the security depends on the IP address.

https://github.com/hobbit-project/platform/issues/18

Upvotes: 2
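A way to check the points above against an actual token, as an added example that is not part of the original question or answer: it decodes the token's `kid` and `iss` without verifying the signature and compares them with the backend's `auth-server-url`, `realm` and the realm's JWKS. It assumes Keycloak's `<auth-server-url>/realms/<realm>` issuer layout; the function names, key ids, the `172.17.0.2` address and the tokens are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def diagnose(token: str, auth_server_url: str, realm: str, jwks: dict) -> list:
    """Return reasons a resource server could fail to find the token's key."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part JWS"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["token header or payload is not base64url JSON"]
    problems = []
    # The issuer is built from the URL the token was requested through, so the
    # frontend and backend must address Keycloak by the same base URL.
    expected_iss = auth_server_url.rstrip("/") + "/realms/" + realm
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != expected {expected_iss!r}")
    # jwks is the JSON served at <expected_iss>/protocol/openid-connect/certs.
    known = {k["kid"] for k in jwks.get("keys", []) if "kid" in k}
    if header.get("kid") not in known:
        problems.append(f"kid {header.get('kid')!r} not in realm JWKS {sorted(known)}")
    return problems

# Constructed sample data (no real keys or tokens): the realm JWKS as the
# backend would fetch it, and two unsigned tokens with different issuers.
JWKS = {"keys": [{"kid": "realm-key-1", "kty": "RSA", "use": "sig"}]}

def make_token(kid: str, iss: str) -> str:
    return ".".join([b64url_encode({"alg": "RS256", "kid": kid}),
                     b64url_encode({"iss": iss, "azp": "your-frontend-client"}),
                     "c2ln"])  # placeholder signature, never verified here

GOOD = make_token("realm-key-1", "http://localhost:8081/auth/realms/my_realm")
BAD = make_token("other-key-9", "http://172.17.0.2:8081/auth/realms/my_realm")

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, diagnose(tok, "http://localhost:8081/auth", "my_realm", JWKS) or "ok")
```

This is a diagnostic only: it never validates the signature, so its output must not be used to decide whether a token is trustworthy.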
