如何通过代理 API 访问 KeyCloak 端点 [英] How to access KeyCloak endpoints via proxy API

问题描述

我目前有以下架构

APP -> API -> KeyCloak

APP -> API -> KeyCloak

我希望 APP 能够向我的 API 发送请求，然后该 API 将在内部将某些请求代理到 KeyCloak.例如，我想通过我的 API 向 KeyCloak 中的/userinfo 端点发出请求.如果我能弄清楚这一点，我就可以执行更复杂的功能.

I want the APP to be able to send requests to my API which will then internally proxy certain requests to KeyCloak. For example, I'd like to make a request to the /userinfo endpoint in KeyCloak through my API. If I can figure this out I can then perform more complex features.

APP -> http://api:port/api/userinfoAPI -> http://keycloak:port/auth/realms/quartech/protocol/openid-connect/userinfo

APP -> http://api:port/api/userinfo API -> http://keycloak:port/auth/realms/quartech/protocol/openid-connect/userinfo

我有一个有效的 JWT 不记名令牌.因为我可以直接成功地向 KeyCloak 发出请求，但是如果我尝试通过我的 API 发出请求，它会返回 401.即使它使用相同的 JWT Bearer 令牌.

I have a valid JWT Bearer token. As I can directly make the request to KeyCloak successfully, however if I attempt to make the request via my API it returns 401. Even though it is using the same JWT Bearer token.

我相信这与配置 KeyCloak 客户端以允许来自 API 的请求有关.但到目前为止我还没有弄清楚.

I believe it has something to do with configuring the KeyCloak client to allow requests to come from the API. But so far I haven't been able to figure it out.

推荐答案

我发现它需要一个 DNS 条目才能在 Docker 容器内进行本地开发.

I've discovered it required a DNS entry to local development within a Docker container.

我已经编辑了 hosts 文件并添加了一个 127.0.0.1 keycloak 然后 al

I've edited the hosts file and added a 127.0.0.1 keycloak and then al

这篇关于如何通过代理 API 访问 KeyCloak 端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！