Using Application Server REST API with Keycloak

Will.Freitag · November 16, 2021, 7:54am

Hey folks.
With ChirpStack and Keycloak instances running, the integration of ChirpStack’s UI is done (i.e. login to ChirpStack Web UI via Keycloak is ready).
Now I’m trying hard to get the Application Server’s REST API running with Keyklock.
Using a Web generated JWT (copy/paste from API-Key-Generation) is not a soulution, since it must run w/o any user interaction.
Using a Keycloak generated JWT (bearer token) with the API is redeemed by "error": "authentication failed: jwt parse error: invalid algorithm". Also I don’t see any way in ChirpStack to configure Keycloak’s public key for validating the JWT’s signature.

Any help would be appreciated.

-Will

garsiv1932 · November 27, 2022, 3:19am

i am having the same problem, with thee difference I am not using keycloak, I am using FusionAuth, and I am using in kubernetes with an istio service mesh with the istio ingress gateway. I readed the problem is the proxy, but I don’t see how to apply the nginx config in istio. The UI integration is fine, but right now I need the API to work.

Here is the nginx config:

Its very extrange as with the jwt issued by chirpstack the Rest API works fine, but with the OIDC configuration, the API is not working any more.