JWT Auth with Keycloak, Key ID not found

Hi all

Just wondering if I could get a little hand with some issues I’m facing integrating the Temporal server’s default JWT Auth with Keycloak. I’ve been following guide here, and I believe I’ve set everything up correctly - however, it appears that the token provider component is unable to locate the JWT key ID within Keycloak’s JWKS. When I start the server (Docker with auto-setup) I notice that tctl is unauthorized even when setting a valid TEMPORAL_CLI_AUTH env var, and when I try to hit the server after start up with gRPCurl, I get the following error:

"msg":"Authorization error","error":"RSA key not found for key ID: 1yw8xpKvkbLKQsD0GtEcKGb4liYoXPNv3BBMC8-d2Ls"

This key ID is correct, so I’m wondering if the token provider is just unable to fetch it.

I’ve set up a minimal project that reproduces this error here, any help would be great :slight_smile:

Some things I’ve tried:

  • bumping to version 1.23 and 1.24
  • also tried this with the serverjwtauth/key service from the guides (above), and facing the same issue

Ok, so after a little poking around I’ve solved this by making sure to just use the environment variables declared in the docker configuration template, instead of loading a custom configuration.