Fix Keycloak hostname configuration for Docker internal communication

- Add MetadataAddress configuration to JWT middleware for internal Docker URLs
- Add KC_HOSTNAME_ADMIN and KC_SPI_HOSTNAME_DEFAULT_ADMIN to Keycloak env
- This ensures the API can fetch the JWKS from Keycloak over the internal Docker network
- Tests passing: 63/63
This commit is contained in:
WorkClub Automation
2026-03-20 10:49:55 +01:00
parent 26d7d83811
commit 87c315c6fd
2 changed files with 12 additions and 0 deletions
+9
@@ -50,6 +50,15 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
options.Audience = builder.Configuration["Keycloak:Audience"];
options.RequireHttpsMetadata = false;
options.MapInboundClaims = false;
// For Docker internal communication, use the direct Keycloak URL for metadata
// This bypasses the hostname mismatch in Keycloak's discovery endpoint
var keycloakAuthority = builder.Configuration["Keycloak:Authority"];
if (keycloakAuthority?.Contains("keycloak:") == true)
{
options.MetadataAddress = $"{keycloakAuthority}/.well-known/openid-configuration";
}
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false, // Disabled for local dev - external clients use localhost:8080, internal use keycloak:8080
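Review bot: The gate in front of the new MetadataAddress assignment is a substring test, `keycloakAuthority?.Contains("keycloak:")`, which matches "keycloak:" anywhere in the configured authority (a path or query segment as well as the host), and the interpolation on the next line produces a double slash when `Keycloak:Authority` is configured with a trailing `/`. Because the context line `ValidateIssuer = false` means the metadata URL is the only thing that pins which signing keys are trusted, I would match the host explicitly: `if (Uri.TryCreate(keycloakAuthority, UriKind.Absolute, out var authorityUri) && authorityUri.Host.Equals("keycloak", StringComparison.OrdinalIgnoreCase))` and build the address with `$"{keycloakAuthority.TrimEnd('/')}/.well-known/openid-configuration"`. The new comment could also state that this override is for the local Docker setup only and that the address must come from trusted configuration, since whatever serves that document supplies the keys every bearer token is validated against. The AddJwtBearer options lambda starts before the hunk and the TokenValidationParameters initializer continues past it.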
+3
@@ -43,6 +43,9 @@ services:
KC_HOSTNAME_STRICT: "false"
KC_PROXY: "edge"
KC_HTTP_PORT: "8081"
# Additional hostname for internal Docker communication
KC_HOSTNAME_ADMIN: "http://keycloak:8081"
KC_SPI_HOSTNAME_DEFAULT_ADMIN: "keycloak:8081"
ports:
- "8080:8081"
volumes:
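Review bot: The new comment `# Additional hostname for internal Docker communication` overstates what these two variables do: Keycloak's `hostname-admin` option (KC_HOSTNAME_ADMIN here) only sets the URL advertised for the Admin Console, it does not add a second frontend/issuer hostname, so on its own it presumably does not change the OIDC discovery document the API fetches; with the context line `KC_HOSTNAME_STRICT: "false"` the frontend URL is already derived from the incoming request. The two lines also set the same option twice in different formats (a full URL and a bare host:port), and which format is accepted depends on the Keycloak version in the image, which is not visible here, so I would keep only the form the image's hostname provider expects and drop the other. I would reword the comment to `# Admin Console URL as reached from inside the Docker network (local dev, plain HTTP)` so a reader does not expect it to affect token issuer validation.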