Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello All, I am trying to get OathKeeper to work with Keycloak. Oathkeeper seems  to send an empty clientID and userId to Keycloak Instrospection endpoint. The curl command `curl --data "client_secret=SOMESECRET&amp;client_id=test&amp;token=$TEST_TOKEN"  <http://key-cloak-keycloak.keycloak:80/realms/master/protocol/openid-connect/token/introspect>`  works but if Oathkeep calls the same endpoint. keycloak throws a 500..

Not sure if it helps, but we have some Oathkeeper examples here:
<https://github.com/ory/examples/tree/master/oathkeeper>

Yes I am piecing together the different parts and seeing what needs to be done. I wish I could see the request that oath keeper makes to keycloak. Is there a way to see that? I did turn the trace log level on...its failing on the introspection part...

I am specifically looking at `oauth2_introspection`

If I can get this fixed I will add to the documentation for sure...

I have 3 authenticators, one when the client initially tries to access the route(oauth2_client_credentials), and the other 2 (jwt and the oauth2_introspection). when  should I be using `jwt` vs `oauth2_introspection`?