22:16:11,950 WARN [org.keycloak.events] (default task-2) type=INTROSPECT_TOKEN_ERROR, realmId=testrealm, clientId=testclient, userId=null, ipAddress=127.0.0.6, error=invalid_request, detail='Authentication failed.'
on introspection. I am using Ory Oathkeeper to do the introspection. I also get the actual curl command Oathkeeper (equivalent golang code)… The curl command responds with the following output.
curl -X 'POST' -d 'client_id=testclient&scope=profile+email&token=SOMETOKEN&username=testuser' -H 'Authorization: Basic dGVzdGNsaWVudDpKRnlEaGdsNkdhY3Fidkk1VTY1azdnUmx1ZXVZRzBKQw==' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Token_type_hint: requesting_party_token' -H 'X-Forwarded-Proto: http' 'http://keycloak-http.keycloak:80/auth/realms/testrealm/protocol/openid-connect/token/introspect'
The response from the curl command is as follows.
{
  "exp": 1666219764,
  "iat": 1666217964,
  "jti": "802901e5-ad2d-4e10-a74a-e661d812b4e6",
  "iss": "http://keycloak-http.keycloak:80/auth/realms/testrealm",
  "aud": [
    "testclient",
    "account"
  ],
  "sub": "2c51554d-5fa6-42bc-886e-b569a07f14fd",
  "typ": "Bearer",
  "azp": "testclient",
  "session_state": "c6c4ee66-01bb-4b18-b5d4-0f9a40ac3f61",
  "name": "Test User",
  "given_name": "Test",
  "family_name": "User",
  "preferred_username": "testuser",
  "email": "someemail@gmail.com",
  "email_verified": true,
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "offline_access",
      "uma_authorization",
      "testrole",
      "default-roles-testrealm"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "testclientscope email profile",
  "sid": "c6c4ee66-01bb-4b18-b5d4-0f9a40ac3f61",
  "client_id": "testclient",
  "username": "testuser",
  "active": true
}
This command is the equivalent command of the Oathkeeper golang code which gets a 401.