thomseddon/traefik-forward-auth

Problem exchanging code for token with keycloak 18

0xfrej opened this issue · 1 comments

Hi, I'm currently making a home service stack with SSO provided by Keycloak and have run into some issues while setting up forward auth. So far I have dug up everything useful out of the logging I could, and it turns out that Keycloak returns HTTP code 500 on firing the exchange request. I have tried replicating the error with Postman, but the endpoint seemed fine, though I didn't have the exact request as was sent by the forward auth middleware (I just dug through the OAuth library this middleware is using and built it from what I have seen). I'm hoping that somebody is capable of at least pointing me in the right direction.

I have managed to stick a proxy between the container and the server and catch the requests. After some digging it turns out that there seems to be an issue with HTTP/2 on the OIDC token endpoint on my setup when the request is coming out of the Docker network. I tried it with curl, toggling the HTTP version, and it confirmed my findings. I have fairly complex networking just to have everything on one host, and it might cause an issue like this somewhere.

For those that have a similar issue, I have managed to make a workaround by adding GODEBUG=http2client=0 to the env variables on the traefik-forward-auth container.

Closing as it is an unrelated issue.
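
The HTTP-version comparison described in this thread, as an added Go example (not code from traefik-forward-auth or from the issue author): it sends the same token-request-shaped POST once with HTTP/2 and once with HTTP/2 switched off for that client, and reports the protocol and status for each. The stub server, its 500-over-HTTP/2 behaviour, the `/token` path and the names `probeToken` and `runDemo` are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// probeToken POSTs a token-request-shaped form and returns the negotiated protocol and status.
// forceHTTP1 turns off h2 for this one client, as GODEBUG=http2client=0 does process-wide.
func probeToken(endpoint string, base *tls.Config, forceHTTP1 bool) (string, int, error) {
	tr := &http.Transport{TLSClientConfig: base.Clone(), ForceAttemptHTTP2: !forceHTTP1, DisableKeepAlives: true}
	if forceHTTP1 {
		tr.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{} // non-nil and empty: no h2
	}
	body := strings.NewReader("grant_type=authorization_code&code=constructed-code")
	resp, err := (&http.Client{Transport: tr}).Post(endpoint, "application/x-www-form-urlencoded", body)
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	return resp.Proto, resp.StatusCode, nil
}

// runDemo probes a constructed local stand-in (not Keycloak) that answers 500 over
// HTTP/2 and 200 over HTTP/1.1, mimicking the symptom reported in the issue.
func runDemo() (map[string]int, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ProtoMajor == 2 {
			w.WriteHeader(http.StatusInternalServerError)
		}
	}))
	srv.EnableHTTP2 = true
	srv.StartTLS()
	defer srv.Close()
	base := srv.Client().Transport.(*http.Transport).TLSClientConfig // trusts the test certificate
	out := map[string]int{}
	for _, forceHTTP1 := range []bool{false, true} {
		proto, status, err := probeToken(srv.URL+"/token", base, forceHTTP1)
		if err != nil {
			return nil, err
		}
		out[proto] = status
	}
	return out, nil
}

func main() { fmt.Println(runDemo()) }
```

Against a real deployment, a status that differs between the two protocols for an otherwise identical request points at the HTTP/2 path between client and endpoint rather than at the OAuth parameters.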