Help with Keycloak Oauth setup for writefreely

Hi all,

I’m trying to figure out how to get keycloak to provide the authentication for writefreely. Unfortunately much keycloak documentation I come across for examples is for older UI, which it appears keycloak massively changed in recent revisions, complicating getting some of the basics sorted out.

The other part of the problem is that there doesn’t seem to be a single example keycloak oauth config for writefreely.

So, I’ve created a realm in keycloak, added in the client/application, and I think things are close as I’ve worked through several errors/issues so far, such as putting in an appropriate scope.

When I’m trying to login with a user that seems to be registered in keycloak, the callback seems to be where things are failing - writefreely says “error: unable to inspect access token”.

Does anyone have any experience with keycloak + writefreely yet to provide specifics? I may have things bungled on the keycloak side, though I suspect my writefreely configs just aren’t correct yet:

[oauth.generic]
client_id          = theclientID
client_secret      = redacted
host               = https://auth.mycrowd.ca
display_name       = MyCrowd Auth
callback_proxy     = 
callback_proxy_api = 
token_endpoint     = /realms/MyCrowd/protocol/openid-connect/token
inspect_endpoint   = /realms/MyCrowd/protocol/openid-connect/userinfo
auth_endpoint      = /realms/MyCrowd/protocol/openid-connect/auth
scope              = profile email
allow_disconnect   = 
map_user_id        =
map_username       = 
map_display_name   = 
map_email          = 

2 posts were split to a new topic: Authentik oauth setup

Can you share your server logs from around when you see that error message? It might have more specific information about what’s going wrong.