MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix(auth): add JWT audience claim and disable issuer validation

Browse Source 
- Added Keycloak audience protocol mapper to workclub-app client
  - Maps 'workclub-api' to aud claim in access tokens
- Disabled issuer validation in API for local dev
  - External clients use localhost:8080, internal use keycloak:8080
  - Prevents validation mismatch in Docker network environment

This resolves 401 Unauthorized errors on all authenticated endpoints.

Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 418-444
This commit is contained in:
WorkClub Automation
2026-03-05 14:12:53 +01:00
parent 8643c3dfa7
commit b813043195
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@@ -63,6 +63,7 @@ services:
ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
Keycloak__Authority: "http://keycloak:8080/realms/workclub"
Keycloak__Audience: "workclub-api"
Keycloak__TokenValidationParameters__ValidateIssuer: "false"
ports:
- "5001:8080"
volumes: