I am trying to send a POST request to docat, which is protected by an oauth2-proxy sidecar. But I am unable to include my access token in the POST request to get it to work. I need help troubleshooting where to begin looking for my issue.

This is my configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pontus-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pontus-test
  template:
    metadata:
      labels:
        app: pontus-test
    spec:
      containers:
      - name: nginx
        image: docat
        ports:
        - containerPort: 80
        imagePullPolicy: Always
      - args:
        - --provider=keycloak
        - --client-id=<redacted>
        - --client-secret=<redacted>
        - --login-url=<redacted>
        - --redeem-url=<redacted>
        - --validate-url=<redacted>
        - --email-domain=*
        - --cookie-secure=true
        - --cookie-secret=1HCRgue7IVNmRm59cB7i2Gq6FColWYia
        - --logging-compress=false
        - --request-logging=true
        - --auth-logging=true
        - --standard-logging=true
        - --http-address=http://:4180
        - --upstream=http://127.0.0.1:80
        - --scope=profile email roles
        - --pass-access-token=true
        - --pass-authorization-header=true
        - --set-xauthrequest=true
        - --skip-provider-button
        - --ssl-insecure-skip-verify
        - --allowed-group=mstlv
        - --skip-jwt-bearer-tokens=true
        image: oauth2-proxy
        imagePullPolicy: IfNotPresent
        name: oauth2-sidecar
        ports:
        - containerPort: 4180
          name: oauth-proxy
          protocol: TCP

First I get my access_token:

curl \
  -d "client_id=<redacted>" \
  -d "client_secret=<redacted>" \
  -d "grant_type=client_credentials" \
  "<redacted>"

Then I try to use that token to send a POST request to docat:

curl -X POST -v \
-H "Authorization: Bearer <redacted>" \
-F "file=@docs.zip" \
https://blabla/api/awesome-project/1.0.0

But it does not work, and in the logs I get:

[2023/04/03 13:07:19] [jwt_session.go:51] Error retrieving session from token in Authorization header: [unable to verify bearer token, not implemented]
[2023/04/03 13:07:19] [oauthproxy.go:959] No valid authentication in request. Initiating login.

How can I troubleshoot this? I need to narrow down somehow whether it is an issue with the Keycloak configuration, oauth2-proxy, or my POST request.

Prokie
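
One way to rule the token in or out when narrowing this down, as an added example that is not part of the original question or of oauth2-proxy: decode the access token locally and compare its claims with what the proxy is configured for. The function names, the issuer URL, the client id `docat-uploader`, the `groups` claim name and the set of checks are assumptions; only the group `mstlv` comes from the configuration above.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage_token(token, issuer, client_id, group, now=None, groups_claim="groups"):
    """Return findings about the token's claims; an empty list means they look usable.

    Debugging aid only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT (opaque token?)"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    now = time.time() if now is None else now
    findings = []
    if claims.get("iss") != issuer:
        findings.append(f"iss {claims.get('iss')!r} != expected {issuer!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if client_id not in aud:
        findings.append(f"aud {aud!r} does not contain {client_id!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append(f"exp {exp!r} is missing or in the past")
    if group not in claims.get(groups_claim, []):
        findings.append(f"{groups_claim!r} claim does not contain {group!r}")
    return findings


def make_sample(claims):
    """Build a constructed JWT for the demo; the signature part is a dummy value."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    iss = "https://keycloak.example/realms/demo"  # constructed issuer
    token = make_sample({"iss": iss, "aud": "account", "exp": 4102444800})
    for finding in triage_token(token, iss, "docat-uploader", "mstlv"):
        print("FINDING:", finding)
```

An empty result points away from the token's claims and toward the proxy or provider configuration; any finding names the claim to fix on the Keycloak side.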