(examples/api-gw/serverless-lambda-auth): auth0 error Error: Can't find key for kid "tDRvItnG83Fqo9hJL2WKyWgQMf5rp8nWm7hOFdWNSiE" in response.
wchaws opened this issue · comments
Steps:
- Deploy CloudFormation template
- Import realm-export.json
- Open vue-ui
- Log in as user1
- Click "request" button
Symptoms:
- Sometimes the request succeeds, sometimes the request fails
This may be because Keycloak is NOT fully HA deployed. Currently, the Keycloak session depends entirely on the ALB sticky session, which is OK for user login, because your browser will attach the ALB cookie on your behalf.
But the Lambda authorizer acquires JWKs from Keycloak at `https://<keycloak-domain>/auth/realms/keycloak-on-aws/protocol/openid-connect/certs`. However, this process behaves differently from the browser: it will not attach the ALB cookie, so the ALB will forward to either A or B.
After re-deploying the Keycloak stack, I cannot reproduce this issue now.
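
The failure mode described in this issue, modelled offline as an added example (not code from the issue or the project): two nodes serve different JWKS, and a client that sends no sticky cookie alternates between them. `NODES`, `makeAlb`, `authorize` and `jwksIsConsistent` are hypothetical names, the kids are constructed placeholders, and round-robin routing is an assumption.

```javascript
// Constructed sample: nodes A and B do not share realm keys; kids are placeholders.
const NODES = {
  A: { keys: [{ kid: "kid-node-a", kty: "RSA", use: "sig" }] },
  B: { keys: [{ kid: "kid-node-b", kty: "RSA", use: "sig" }] },
};

// Stand-in for the ALB (assumption: round-robin when no cookie is present).
// A request carrying a sticky cookie is pinned to the named node.
function makeAlb(nodes) {
  const names = Object.keys(nodes);
  let next = 0;
  return function fetchJwks(stickyCookie) {
    const name = stickyCookie ?? names[next++ % names.length];
    return { servedBy: name, jwks: nodes[name] };
  };
}

// What a JWKS client does: select the key whose kid matches the token header.
function findKey(jwks, kid) {
  const key = jwks.keys.find((k) => k.kid === kid);
  if (!key) throw new Error(`Can't find key for kid "${kid}" in response.`);
  return key;
}

// Authorizer-style lookup: no cookie is sent, so either node may answer.
function authorize(fetchJwks, tokenKid) {
  const { servedBy, jwks } = fetchJwks();
  try {
    findKey(jwks, tokenKid);
    return { ok: true, servedBy };
  } catch (err) {
    return { ok: false, servedBy, error: err.message };
  }
}

// Diagnostic: sample the certs endpoint without a cookie and report whether
// every response advertised the same set of kids.
function jwksIsConsistent(fetchJwks, samples = 6) {
  const seen = new Set();
  for (let i = 0; i < samples; i++) {
    seen.add(fetchJwks().jwks.keys.map((k) => k.kid).sort().join(","));
  }
  return { consistent: seen.size === 1, distinctKeySets: [...seen] };
}

const alb = makeAlb(NODES);
const outcomes = [1, 2, 3, 4].map(() => authorize(alb, "kid-node-a"));
console.log(outcomes.map((r) => `${r.servedBy}:${r.ok}`).join(" "));
console.log(jwksIsConsistent(makeAlb(NODES)));
```

When the sampled responses advertise more than one distinct key set, the nodes behind the load balancer are not sharing realm keys, which matches the intermittent "Can't find key for kid" symptom.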