JWT Auth with Keycloak, Key ID not found

Hi all

Just wondering if I could get a little hand with some issues I’m facing integrating the Temporal server’s default JWT Auth with Keycloak. I’ve been following the guide here, and I believe I’ve set everything up correctly; however, it appears that the token provider component is unable to locate the JWT key ID within Keycloak’s JWKS. When I start the server (Docker with auto-setup) I notice that tctl is unauthorized even when setting a valid TEMPORAL_CLI_AUTH env var, and when I try to hit the server after start-up with gRPCurl, I get the following error:

"msg":"Authorization error","error":"RSA key not found for key ID: 1yw8xpKvkbLKQsD0GtEcKGb4liYoXPNv3BBMC8-d2Ls"

This key ID is correct, so I’m wondering if the token provider is just unable to fetch it.

I’ve set up a minimal project that reproduces this error here, any help would be great :slight_smile:

Some things I’ve tried:

  • bumping to version 1.23 and 1.24
  • also tried this with the serverjwtauth/key service from the guides (above), and I’m facing the same issue
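The "RSA key not found for key ID" error above means the server's key provider could not match the token's `kid` header against an RSA signing key in the JWKS it fetched. The check below is an added diagnostic example, not code from this thread or from Temporal or Keycloak; it assumes a constructed JWKS standing in for what Keycloak serves at `/realms/<realm>/protocol/openid-connect/certs`, and assumes (as the error text suggests) that the provider only considers `kty: RSA` keys with `use: sig`.

```python
import base64
import json
from typing import Optional, Set

# Constructed sample JWKS (not a real Keycloak response). "n" and "e" are
# placeholders, not key material; only the fields the lookup uses matter here.
SAMPLE_JWKS = {
    "keys": [
        {"kid": "sig-key-01", "kty": "RSA", "use": "sig", "alg": "RS256", "n": "<n>", "e": "AQAB"},
        {"kid": "enc-key-01", "kty": "RSA", "use": "enc", "alg": "RSA-OAEP", "n": "<n>", "e": "AQAB"},
    ]
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_jwt(header: dict, payload: dict) -> str:
    """Build a token with an empty signature, purely to exercise header parsing."""
    def enc(d: dict) -> str:
        raw = json.dumps(d, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}."


def jwt_kid(token: str) -> Optional[str]:
    """Read the kid from the JWT header (no signature verification is done here)."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    return header.get("kid")


def rsa_signing_kids(jwks: dict) -> Set[str]:
    """kids the provider can use: RSA keys for signing (assumed filter)."""
    return {k["kid"] for k in jwks.get("keys", [])
            if k.get("kty") == "RSA" and k.get("use", "sig") == "sig" and "kid" in k}


def diagnose(token: str, jwks: dict) -> str:
    """Explain why a token's kid would or would not resolve against the JWKS."""
    kid = jwt_kid(token)
    if kid is None:
        return "token header has no kid; provider cannot select a key"
    if kid in rsa_signing_kids(jwks):
        return f"kid {kid} found in JWKS"
    if kid in {k.get("kid") for k in jwks.get("keys", [])}:
        return f"kid {kid} present but not an RSA signing key"
    return f"RSA key not found for key ID: {kid}"  # same wording as the server error
```

Run `diagnose` with a real token and the JSON from the configured JWKS URI to separate "provider never fetched the JWKS" (every kid fails) from "token was issued by a different realm or key" (only this kid fails).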

Ok, so after a little poking around I’ve solved this by making sure to just use the environment variables declared in the docker configuration template, instead of loading a custom configuration.

Hi!

I’ve just come across this issue myself; could you explain your solution, please?