WorkClub Automation b813043195 fix(auth): add JWT audience claim and disable issuer validation ...

- Added Keycloak audience protocol mapper to workclub-app client
  - Maps 'workclub-api' to aud claim in access tokens
- Disabled issuer validation in API for local dev
  - External clients use localhost:8080, internal use keycloak:8080
  - Prevents validation mismatch in Docker network environment

This resolves 401 Unauthorized errors on all authenticated endpoints.

Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 418-444

2026-03-05 14:12:53 +01:00

4.6 KiB

Raw Blame History

View Raw