OAUTH2.0 - JWT access token signature could not be validated

[eingemaischt]

Hi,

I am trieing to secure a HTTP REST Interface with mod_auth_openidc. The idea is that a rest client gets an access token from our keycloak and then can use the API.

But: The auth_openidc cannot validate the access token because of its signature:

[Tue Feb 15 15:20:20.019503 2022] [auth_openidc:error] [pid 350139:tid 139756927170304] [client xxx:40202] oidc_proto_jwt_verify: JWT signature verification failed: [src/jose.c:986: oidc_jwt_verify]: could not find key with kid: [cut]
[Tue Feb 15 15:20:20.019546 2022] [auth_openidc:error] [pid 350139:tid 139756927170304] [client xxx:40202] oidc_oauth_validate_jwt_access_token: JWT access token signature could not be validated, aborting

This is the configuration:

    #this is required by mod_auth_openidc
    OIDCCryptoPassphrase [cut]
    OIDCProviderJwksUri https://[host]/auth/realms/[realm]/protocol/openid-connect/certs
    OIDCProviderMetadataURL https://[host]/auth/realms/[realm]/.well-known/openid-configuration
    OIDCClientID [public-client]

Having a look at the keycloak I saw that mod_auth_openidc didn't call the JWKSURI once.... So what am I doing wrong?
Does someone have an example for a complete configuration with auth_openidc and keycloak?

[eingemaischt]

I finally found a solution and an example on:
https://github.com/zmartzone/mod_auth_openidc/wiki/OAuth-2.0-Resource-Server#keycloak

The correct parameter is called " OIDCOAuthVerifyJwksUri "