Tolgee not logging in with KeyCloak #2823

Open
LukasKlepper opened this issue Jan 8, 2025 · 1 comment

@LukasKlepper

Describe the bug
I cannot authenticate in Tolgee with OAuth2. If I try to log in, I get the error "third_party_auth_unknown_error".

This may happen because of a wrong HTTP request being sent? See logs.

    2025-01-08 17:08:09 2025-01-08T16:08:09.948Z  WARN 1 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' is not supported]
    2025-01-08 17:08:09 2025-01-08T16:08:09.950Z ERROR 1 --- [nio-8080-exec-4] i.t.security.thirdParty.OAuth2Delegate   : Error while getting token from third party: 405 : "{"timestamp":1736352489949,"status":405,"error":"Method Not Allowed","path":"/realms/myownrealm/protocol/openid-connect/token"}"

To Reproduce
Steps to reproduce the behavior:

  1. Set up a KeyCloak instance with a valid client
  2. Include the KeyCloak details in Tolgee (in my case in Docker environment variables)
  3. Try to log in via OAuth2.
  4. Fails with "third_party_auth_unknown_error".

Expected behavior
Tolgee accepts my login and I can see my account.

Screenshots and Code

.env

    TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID=tolgee
    TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET=81f2h9H7ZmJEHuGN20shXQ1JqaBHIvSA
    TOLGEE_AUTHENTICATION_OAUTH2_TENANT_ID=myownrealm
    TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/auth
    TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/token
    TOLGEE_AUTHENTICATION_OAUTH2_USER_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/userinfo
    TOLGEE_AUTHENTICATION_OAUTH2_SCOPES=openid profile email

environment section from docker-compose.yml

    environment:
     - spring_datasource_url=jdbc:postgresql://${DATABASE_TOLGEE_CONTAINERNAME}:5432/${DATABASE_TOLGEE_NAME}
     - spring_datasource_username=${DATABASE_TOLGEE_USER}
     - spring_datasource_password=${DATABASE_TOLGEE_PASSWORD}
     - tolgee_postgres-autostart_enabled=false
     - TOLGEE_AUTHENTICATION_ENABLED=true  # Enable authentication
     - TOLGEE_AUTHENTICATION_CREATE_INITIAL_USER=true  # Create initial user
     - TOLGEE_AUTHENTICATION_INITIAL_USERNAME=admin@myemail.com  # Initial username
     - TOLGEE_AUTHENTICATION_INITIAL_PASSWORD=adminadmin  # Initial password
     - TOLGEE_AUTHENTICATION_REGISTRATIONS_ALLOWED=true  # Allow user registrations
     - TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID=${TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID}
     - TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET=${TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET}
     - TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL=${TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL}
     - TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL=${TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL}
     - TOLGEE_AUTHENTICATION_OAUTH2_USER_URL=${TOLGEE_AUTHENTICATION_OAUTH2_USER_URL}
     - TOLGEE_AUTHENTICATION_OAUTH2_SCOPES=${TOLGEE_AUTHENTICATION_OAUTH2_SCOPES}

Versions and environment

  • Tolgee Platform version: 3.92.1, 3.30.0
  • Keycloak version: 24.0.5
  • Environment: Used docker with image 3.92.1 tag
  • Browser: Edge

Additional context
I'm sure the KeyCloak authentication is working, as if I use the same configuration on my own app, then it works just fine.

The login from KeyCloak is working as intended. I can confirm this because, after logging in with KeyCloak and receiving the error, I can retry without logging in again, and I'm able to open up the account console from KeyCloak without any authentication in the same browser instance.

We also have another instance running where we use the same configuration but with a direct OAuth2 connection to Azure AD; there, everything is working as intended.

@JanCizmar
Contributor

Hello!

Thanks for reaching out!

I will pass this to @Anty0, who knows everything about oAuth!
