Chiney973 opened a new issue, #12025: URL: https://github.com/apache/apisix/issues/12025
### Description All my web application are served under the same domain, except for the IDP Frontend will be served under http://localhost/app/ Apisix will be served under http://localhost/app/api/ I am using keycloak as an IDP under http://keycloak/ I am having issues authenticating to the apisix gateway with my spa frontend as it is not served by apisix What I have tried: - Have my spa sends a fetch request to any api served by apisix gateway. But when I get redirected to the idp for authentication, I am having CORS issues. Keycloak does not handle preflight for http://keycloak:8080/realms/django-realm/protocol/openid-connect/auth - Have a dummy endpoint (not served by apisix) http://localhost/authenticate that return a http redirection to http://keycloak:8080/realms/django-realm/protocol/openid-connect/auth with state, code challenges, redirect url, etc.. all set up. But after login to the idp, it reaches the apisix server with a 500 error with the following message: *openid-connect.lua:588: phase_func(): OIDC authentication failed: request to the redirect_uri path but there's no session state found* Could someone plz enlight me on how are we supposed to authenticate with oidc to the apisix gateway with a spa not served by the gateway ? ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
