# Oauth2 Ehrbase **Category:** [Platform](https://discourse.openehr.org/c/platform-implem/7) **Created:** 2023-12-22 12:06 UTC **Views:** 906 **Replies:** 4 **URL:** https://discourse.openehr.org/t/oauth2-ehrbase/4796 --- ## Post #1 by @Mathijs_Noordzij Hi all, Does someone has recent experience, setting up Oauth2 with keycloak, locally for Ehrbase? I followed the docs, however they have not been updated a while. When I try to run an api, it returns a connection refused: org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance .... .... Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://localhost:8081/realms/ehrbase/.well-known/openid-configuration": Connection refused The host is accessible via my browser or api. It is only refused from my ehrbase container. These are the env settings in the docker compose: SECURITY_AUTHTYPE: OAUTH SECURITY_OAUTH2USERROLE: USER SECURITY_OAUTH2ADMINROLE: ADMIN SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: http://localhost:8081/realms/ehrbase --- ## Post #2 by @vidi42 Hey @Mathijs_Noordzij Since you are running ehrbase in a docker container, the Keycloak URL you configured there will point to the `localhost` of the ehrbase container (not your host machine) so that's why it cannot connect to it. From your browser you can access it because localhost references your host machine. To fix this you can reference keycloak by it's service name from the docker-compose file and by the port that is running inside the container and docker will handle the networking for it. e.g. ``` services: keycloak: ... ports: - "8081:8080" ehrbase: ... environment: SECURITY_AUTHTYPE: OAUTH SECURITY_OAUTH2USERROLE: USER SECURITY_OAUTH2ADMINROLE: ADMIN SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: http://keycloak:8080/realms/ehrbase ``` We had a similar issue raised in GitHub that explains the same principle https://github.com/ehrbase/ehrbase/issues/1209 Hope this helps you get started with EHRbase. --- ## Post #3 by @francisco.bischoff Hello, I'm trying to use Keycloak with EHRbase. Do you know how I can test the authentication? I'm just setting up the backend for other users to use it; I don't have a client app. Is there any openEHR client that uses OAuth? --- ## Post #4 by @vidi42 Hey @francisco.bischoff You could test it with any API Client (Postman, Insomnia, Bruno, etc.) Here you can find the details on how to set OAUTH up https://docs.ehrbase.org/docs/EHRbase/Explore/Security#oauth2 And the REST api details can be found here https://docs.ehrbase.org/docs/EHRbase/Explore/openEHR-REST. (I suggest you use the [List templates](https://docs.ehrbase.org/docs/EHRbase/Explore/openEHR-REST) endpoint for a quick test, it requires an Admin User as far as I remember). Also, you can use the [Sandbox env.](https://sandkiste.ehrbase.org/) to to get some examples (that one has a graphical UI). --- ## Post #5 by @francisco.bischoff Hi! Answering my own question, I found this client: https://github.com/crs4/aqlbetter It is straightforward to run it as Basic Auth and OAuth2, so I could test that my EHRbase + keycloack setup was working. BR. --- **Canonical:** https://discourse.openehr.org/t/oauth2-ehrbase/4796 **Original content:** https://discourse.openehr.org/t/oauth2-ehrbase/4796