using JWTAuthInterceptor in Nuxeo Java Client

Hello,

I finally succeeded to use Keycloak as a identity provider for my Nuxeo using the openid package. I can now connect using JWT Token generated by Keycloak and get all my user infos even groups ! Now I am trying to use Nuxeo Java Client to do the same thing. Here is my code :

NuxeoClient nuxeoClient = new NuxeoClient .Builder() .url(url) .connectTimeout(connectTimeout) .readTimeout(readTimeout) .interceptor(new JWTAuthInterceptor(token)) .authentication(new JWTAuthInterceptor(token)) .schemas(“*“) .connect();

But I am always getting errors (401 not authorized).

Did I forget something ?

I am using Nuxeo LTS 2021 / Nuxeo Java Client 3.11.0 / Keycloak 19.0.1 / JDK 11.

Regards.

0 votes

1 answers

127 views

ANSWER

Hello Kevin Leturc , can you please help me ? Thanks.
08/19/2022



Hello,

I'm not sure the JWTAuthInterceptor is working with the Keycloak provider. The interceptor works with the JWT secret configured on Nuxeo side, see https://doc.nuxeo.com/client-java/3.11/authentication/#jwt-authentication

Maybe you need to create your own interceptor for this use case, how do you succeed to authenticate with a Keycloak token, do you have a curl command example?

Thanks

1 votes



Thank you Kevin Leturc for your response, you are right, openid plugin don't secure api with jwt token, it's just used to authenticate to Nuxeo. So I used the nuxeo-platform-login-keycloak project (with some modifications in code) and now it's working for me using JWTAuthInterceptor in Java Client. Regards.
08/25/2022