What happens if the app definition is not Theia-based when Keycloak is enabled?

[wss29]

hi,
I have a simple web test application that displays just some pictures and text on an HTML page. I created a Docker image of it and set it in the appDefinition, configuring both the demoApplication name and landingPage appDefinition.

However, I encountered a strange problem:

• When I set keycloak.enable to false, I can successfully launch my web app

• But when I set keycloak.enable to true, I consistently get the following error:

Does this mean when using Keycloak and OAuth2-proxy for launching, the app definition must be Theia-based? What is the key configuration needed to resolve this forbidden access issue?

[jfaltermeier]

Hi, I just tested this with the nginxdemos/hello Docker image and it worked for me.

Does this Keycloak setup work with the Theia demo application?
Have you tried clearing your cookies? There might be some stale login information causing issues.

[mvtec-richter]

We had the same problem. It was solved, when we configured the correct clientSecret.
The oauth2-proxy does not seem to use the "Client Credentials Flow", not the "Authorization Code Flow".