OIDC Integration with Keycloak Fails: 'Token is Not Valid or Has Expired' #924

Open
idrissyou opened this issue Feb 5, 2025 · 1 comment

idrissyou commented Feb 5, 2025

Hello,

I'm trying to deploy the Wallet Port /Api and integrate Keycloak for authentication using OIDC.

I successfully deployed both the Wallet and the Keycloak service. To configure the integration, I followed the official documentation:
Walt.ID Keycloak Configuration.

However, upon attempting to log in, I receive the following error:

"Token is not valid or has expired."

Here is my oidc.conf configuration:

publicBaseUrl = "https://dataspace4health.local/wallet/api"
enableOidcLogin = "true"
providerName = "keycloak"
oidcRealm = "https://dataspace4health.local/iam/realms/ds4h"
oidcJwks = "${oidcRealm}/protocol/openid-connect/certs"
oidcScopes = [openid roles]
authorizeUrl = "${oidcRealm}/protocol/openid-connect/auth"
accessTokenUrl = "${oidcRealm}/protocol/openid-connect/token"
logoutUrl = "${oidcRealm}/protocol/openid-connect/logout"
clientId = "waltid_backend"
clientSecret = "Secret"
keycloakUserApi = "https://dataspace4health.local/iam/admin/realms/ds4h/users"
jwksCache = {
  cacheSize = "10"
  cacheExpirationHours = "10"
  rateLimit = {
    bucketSize = "10"
    refillRateMinutes = "1"
  }
}

Steps to Reproduce
Navigate to Wallet UI.

Click on "Connect with OIDC."

The browser redirects to the Keycloak login UI.

Enter valid credentials for a pre-created Keycloak user and click Login.

The system returns the error:

"Token is not valid or has expired."

Expected Behavior
I expect to successfully log in to the Wallet UI after authenticating with Keycloak.

Actual Behavior
After entering valid credentials, I receive the error:

"Token is not valid or has expired."

Wallet Api logs:

Image

Environment
OS Version: Linux
Keycloak Version: docker.io/bitnami/keycloak:21.1.2-debian-11-r27
Wallet UI Version: Latest

Additional Context
Screenshots showing my keycloak config
Client id
Image
Permission list:

Image
Service Account roles:

Image

The issue occurs immediately after authentication.
The Keycloak and Wallet services appear to be running correctly.
I verified that the OIDC configuration follows the official documentation.
I was able to create an account on Keycloak from the wallet API (endpoint wallet-api/auth/keycloak/create); however, I was not able to connect using OIDC.

Any insights or suggestions would be greatly appreciated!

Contributor

alegomes commented Feb 6, 2025

Thanks for your report, @idrissyou

I will take a look at it soon.

[]s
Ale
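
A triage aid for the error reported above, added here as an example (it is not walt.id code and not part of the thread). It decodes a token without verifying the signature and lists the claim-level checks an OIDC relying party commonly applies against the `oidcRealm` and `oidcJwks` values from the posted oidc.conf. The tokens, the JWKS, the key ids and the internal hostname are constructed sample data, and which of these checks the wallet API actually performs is an assumption.

```python
import base64, json, time

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def triage_token(token, expected_issuer, jwks, now=None, leeway=30):
    """Return the reasons a validator would likely reject the token.
    Does NOT verify the signature; it only inspects header and claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss {claims.get('iss')!r} != oidcRealm {expected_issuer!r}")
    exp = claims.get("exp")
    if exp is None or exp + leeway < now:
        problems.append(f"expired or missing exp (exp={exp}, now={int(now)})")
    iat = claims.get("iat")
    if iat is not None and iat - leeway > now:
        problems.append("iat is in the future: clock skew between services")
    kids = {k.get("kid") for k in jwks.get("keys", [])}
    if header.get("kid") not in kids:
        problems.append(f"kid {header.get('kid')!r} not in JWKS from oidcJwks")
    return problems

def make_token(header, claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample data; REALM is the oidcRealm value from the post.
REALM = "https://dataspace4health.local/iam/realms/ds4h"
NOW = 1_738_750_000
JWKS = {"keys": [{"kid": "key-1", "kty": "RSA"}]}
GOOD = make_token({"alg": "RS256", "kid": "key-1"},
                  {"iss": REALM, "iat": NOW - 5, "exp": NOW + 300})
# Hypothetical failure case: token issued under an internal hostname, stale key id.
BAD = make_token({"alg": "RS256", "kid": "key-0"},
                 {"iss": "http://keycloak:8080/realms/ds4h", "iat": NOW - 900, "exp": NOW - 600})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, triage_token(tok, REALM, JWKS, now=NOW) or "no claim-level problems")
```

To use it on a real deployment, pass the access or ID token returned by the token endpoint and the JSON served at the `oidcJwks` URL; an empty result means the rejection has another cause, such as signature or audience validation.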
