Keycloak authentication problems when using docker and java spring

Question

So I have a spring boot application. I also use swagger for testing purposes. I have a keycloak defined inside docker-compose like this:

  keycloak:
    image: jboss/keycloak
    ports:
      - "18080:8080"
    volumes:
        - ../keycloak:/opt/jboss/keycloak/imports
    command: 
        - "-b 0.0.0.0 -Dkeycloak.import=/opt/jboss/keycloak/imports/realm-export.json"
    environment:
        - KEYCLOAK_USER=admin
        - KEYCLOAK_PASSWORD=admin

when I try to run my spring boot application I use http://localhost:18080/auth as keycloak_auth_url. When running from my machine everything works.
When running through docker-compose I change keycloak url to: http://keycloak:18080/auth but the url that swaggers uses for redirecting user to keycloak stays the same http://localhost:18080/auth

Authenticating through swaggers "works". But when I try to call an API endpoint as authenticated user my server returns the following error:

Error when sending request to retrieve realm keys
myApp  | 
myApp  | org.keycloak.adapters.HttpClientAdapterException: IO error

Didn't find publicKey for kid: U7a58q_oR3zXWSAwVUIa_7FvhdA7IncCQ2IfKQKDGfI
myApp  | 2020-01-07 11:58:40.615 ERROR 1 --- [nio-8082-exec-1] o.k.a.BearerTokenRequestAuthenticator    : Failed to verify token

Now I am not sure is the problem that my app cannot connect to keycloak to check token. or did checking of token fail?
thanks for all the help

Answer 1

You will have to change the keycloak_auth_url to http://keycloak:8080/auth (if you are using spring-boot you could do it using environment variable instead of hardcoding it) if you want to connect to it from other container that is set up by compose.

The 8080 port is the port that the keycloack is running on in the keycloak container and 18080 port is the port that is published to the host.