Does someone have recent experience setting up OAuth2 with Keycloak locally for EHRbase?
I followed the docs, however they have not been updated in a while. When I try to run an API, it returns a connection refused:
org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
…
…
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://localhost:8081/realms/ehrbase/.well-known/openid-configuration": Connection refused
The host is accessible via my browser or API. It is only refused from my ehrbase container.
These are the env settings in the docker compose:
SECURITY_AUTHTYPE: OAUTH
SECURITY_OAUTH2USERROLE: USER
SECURITY_OAUTH2ADMINROLE: ADMIN
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: http://localhost:8081/realms/ehrbase
Since you are running ehrbase in a Docker container, the Keycloak URL you configured there will point to the localhost of the ehrbase container (not your host machine), so that’s why it cannot connect to it.
From your browser you can access it because localhost references your host machine.
To fix this, you can reference Keycloak by its service name from the docker-compose file and by the port that is running inside the container, and Docker will handle the networking for it.
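The change described in the reply above, as an added compose fragment that is not from the thread or the EHRbase docs. The service name `keycloak`, the image names, and the `8081:8080` port mapping are assumptions chosen to match the `localhost:8081` URL in the question; database and admin settings are omitted.

```yaml
# Added example. Service names, images and ports are assumptions.
services:
  keycloak:                              # assumed service name
    image: quay.io/keycloak/keycloak     # tag omitted
    command: start-dev
    ports:
      - "8081:8080"                      # host 8081 -> container 8080 (browser access)

  ehrbase:
    image: ehrbase/ehrbase               # tag omitted
    depends_on:
      - keycloak
    environment:
      SECURITY_AUTHTYPE: OAUTH
      SECURITY_OAUTH2USERROLE: USER
      SECURITY_OAUTH2ADMINROLE: ADMIN
      # Before: inside this container, localhost is the ehrbase container
      # itself, where nothing listens on 8081 -> "Connection refused".
      # SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: http://localhost:8081/realms/ehrbase
      # After: compose service name plus the port Keycloak listens on
      # inside its own container, not the published host port.
      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: http://keycloak:8080/realms/ehrbase
```

Spring Security also compares each token's `iss` claim with this issuer URI, so clients should request tokens through a URL that yields the same issuer value.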