-
Is there any ETA on when the open ID connect will be enabled? we don't mind testing it but without it we are pretty much unable to use the tyk operator with our main keycloak setup. The dynamic client using JWT does not seem to work with hybrid setups. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Hello - there was no immediate intention to implement OIDC with the Tyk Operator https://github.com/TykTechnologies/tyk-operator/blob/master/docs/api_definitions.md#client-to-gateway-authentication. It should be possible to use the native / lower level JWT auth mode. It would be good to understand what exactly is not working with your Keycloak setup so that this can be fixed. You can use this as a template: https://github.com/TykTechnologies/tyk-operator/blob/master/config/samples/jwt-auth/example1.yaml In any OIDC provider, you will have a public Looking forward to hearing more detail about your issue. Could you share an API Definition CRD with any sensitive fields obfuscated? |
Beta Was this translation helpful? Give feedback.
Hello - there was no immediate intention to implement OIDC with the Tyk Operator https://github.com/TykTechnologies/tyk-operator/blob/master/docs/api_definitions.md#client-to-gateway-authentication. It should be possible to use the native / lower level JWT auth mode. It would be good to understand what exactly is not working with your Keycloak setup so that this can be fixed.
You can use this as a template: https://github.com/TykTechnologies/tyk-operator/blob/master/config/samples/jwt-auth/example1.yaml
In any OIDC provider, you will have a public
.well-known/openid-configuration
endpoint. You can replace thejwt_source
with the JWKS URI. And thejwt_identity_base_field
can be the field …