Keycloak - is the authorization token reaching the application?

I have a Django web application and some rest APIs.

I delegate the authentication and authorization to Keycloak via proxy (oauth2-proxy).

I don't want to use the Django user model or have any user information stored in the application database

So the process is:

  • I make my initial request to the proxy
  • The proxy detects there is no authenticated user and redirects the request to Keycloak
  • I enter credentials in Keycloak and successfully authenticate
  • The proxy redirects to the application page

This is the configuration I'm using for the oauth2-proxy

oauth2-proxy.exe ^
    --http-address=127.0.0.1:4180 ^
    --email-domain=* ^
    --cookie-secure=true ^
    --cookie-secret=adqeqpioqr809718 ^
    --cookie-httponly=true ^
    --upstream="http://127.0.0.1:8000" ^
    --redirect-url=http://127.0.0.1:4180/oauth2/callback ^
    --oidc-issuer-url=http://127.0.0.1:28081/auth/realms/testrealm ^
    --insecure-oidc-allow-unverified-email=true ^
    --provider=keycloak-oidc ^
    --client-id=oauth2_proxy ^
    --ssl-insecure-skip-verify=true ^
    --client-secret=L2znXLhGX4N0j3nsZYxDKfdYpXHMGDkX ^
    --skip-provider-button=true ^
    --set-authorization-header=true ^
    --pass-access-token=true ^
    --set-xauthrequest =true ^
    --pass-authorization-header=true

After that in the headers I can see what is below, but from that, don't know if the authorization token is reaching the application or just to the proxy and never passing to the application.

Can someone please tell me?

General:

Request URL: http://127.0.0.1:4180/web/hello/
Request Method: GET
Status Code: 200 OK
Remote Address: 127.0.0.1:4180
Referrer Policy: strict-origin-when-cross-origin

Response Headers
    
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmQkt6c2FDdF9EeWpPUEhtWlJoaktIeXU1a2NnRlZhcFZNSk1GU01XMVdnIn0.eyJleHAiOjE2NjMwODI1MjgsImlhdCI6MTY2MzA4MjIyOCwiYXV0aF90aW1lIjoxNjYzMDgyMjI4LCJqdGkiOiI5NDdiODFlNS1mZDQ1LTRiNDMtYjQ3My1lZTgwMjBjMDFiNTAiLCJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjI4MDgxL2F1dGgvcmVhbG1zL3Rlc3RyZWFsbSIsImF1ZCI6Im9hdXRoMl9wcm94eSIsInN1YiI6IjkzNTQ3YmNjLTI0NDEtNDE0YS05MTQ5LWM3NTMzYzRmNWQyMyIsInR5cCI6IklEIiwiYXpwIjoib2F1dGgyX3Byb3h5Iiwibm9uY2UiOiJLMVhITzNMOHYxcTVtdVNjU0d1dXozQnllZEZZUi1ZaTFfdnhHaGo3U0pRIiwic2Vzc2lvbl9zdGF0ZSI6IjhkMGVmNGZlLTM1ZjUtNDhmYS04MjQzLTg1YTNlNmIyNDI0ZSIsImF0X2hhc2giOiJJYVFobkRua0F5UzlWSlQwUTVHOHhnIiwiYWNyIjoiMSIsInNpZCI6IjhkMGVmNGZlLTM1ZjUtNDhmYS04MjQzLTg1YTNlNmIyNDI0ZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJHcm91cHMiOltdLCJuYW1lIjoiUmljYXJkbyBHYXJjaWEiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0dXNlciIsImdpdmVuX25hbWUiOiJSaWNhcmRvIiwiZmFtaWx5X25hbWUiOiJHYXJjaWEiLCJlbWFpbCI6InJmZXJuYW5kZXoyMDA3QGdtYWlsLmNvbSJ9.W3nIkpr0NVKNv8VldXsRl6Yy3r9TjdX0THzuuR6fsbSfLxfWi1AewvuFqMH9vJqtgVVvKxOYOUl5FcTXWXKiA_ZXcJcKeR0WrH7TXL-dskdpbt3fZp8XS_h8MaRoVJSiZmqznchjY5Jh1h6Pjr5BVXw5YbzDDqj5KoMDkarP7S-boyzdyBmdyQW_rDwMSVmVP6XPKWnIbICg6TWt89b74aNle3qteVJekl21HzKR_-lHLcae1ABUzy6S1NjJMuIENcKtnPvv1qzF3BpntkwFNSXLhVxfBAu1aCH7Fq7gkpGBOU4n7ouQTiv0tSvMZCaJ7YxPDK5K3k-BXcb28hssgA
    Content-Length: 136
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Opener-Policy: same-origin
    Date: Tue, 13 Sep 2022 16:21:18 GMT
    Gap-Auth: rfernandez2007@gmail.com
    Referrer-Policy: same-origin
    Server: WSGIServer/0.2 CPython/3.10.6
    X-Auth-Request-Access-Token: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmQkt6c2FDdF9EeWpPUEhtWlJoaktIeXU1a2NnRlZhcFZNSk1GU01XMVdnIn0.eyJleHAiOjE2NjMwODI1MjgsImlhdCI6MTY2MzA4MjIyOCwiYXV0aF90aW1lIjoxNjYzMDgyMjI4LCJqdGkiOiJmYmE2YmQ3NC0zNzZiLTRjZDEtYTQzNy1hOTkyMTM0ZTAyNWIiLCJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjI4MDgxL2F1dGgvcmVhbG1zL3Rlc3RyZWFsbSIsImF1ZCI6WyJvYXV0aDJfcHJveHkiLCJhY2NvdW50Il0sInN1YiI6IjkzNTQ3YmNjLTI0NDEtNDE0YS05MTQ5LWM3NTMzYzRmNWQyMyIsInR5cCI6IkJlYXJlciIsImF6cCI6Im9hdXRoMl9wcm94eSIsIm5vbmNlIjoiSzFYSE8zTDh2MXE1bXVTY1NHdXV6M0J5ZWRGWVItWWkxX3Z4R2hqN1NKUSIsInNlc3Npb25fc3RhdGUiOiI4ZDBlZjRmZS0zNWY1LTQ4ZmEtODI0My04NWEzZTZiMjQyNGUiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iLCJteXJvbGUiLCJkZWZhdWx0LXJvbGVzLXRlc3RyZWFsbSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJzaWQiOiI4ZDBlZjRmZS0zNWY1LTQ4ZmEtODI0My04NWEzZTZiMjQyNGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiR3JvdXBzIjpbXSwibmFtZSI6IlJpY2FyZG8gR2FyY2lhIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdHVzZXIiLCJnaXZlbl9uYW1lIjoiUmljYXJkbyIsImZhbWlseV9uYW1lIjoiR2FyY2lhIiwiZW1haWwiOiJyZmVybmFuZGV6MjAwN0BnbWFpbC5jb20ifQ.OQlcEllPMgjPf4qlcpPiM8KFbQuSv9ASlfOU84w8IWpn-f4I2rrBmhON1zsQkeDHGspDRzU9MlVBBs-4VmjBORD5LQ_siKDv1Lth-v8-bApH14J9E5LhippVvhlNAGTPJrFq_jrHPQ-lb0zwmM4Q-V9jxOnlM5j2eHzW07XKZYjaTEfJ_GU2hI7CZE18beDarOpvGwU_NNeUsgbk9slyElz5GuId1BWNyASPY5KsczQky90Mqa7jtAcFRHZYaU4YhGI0hepNYLaHeKi1_2MLiVsx-qChOe-KZnR928nhHqZLjKAFVlRPVe3SPTJMHSXx1vIIUWik3TmCLFakfeYXxg
    X-Auth-Request-Email: rfernandez2007@gmail.com
    X-Auth-Request-Groups: role:offline_access,role:uma_authorization,role:myrole,role:default-roles-testrealm,role:account:manage-account,role:account:manage-account-links,role:account:view-profile
    X-Auth-Request-Preferred-Username: testuser
    X-Content-Type-Options: nosniff
    X-Frame-Options: DENY

Request Headers 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Cookie: _oauth2_proxy_0=p5srpR95qBYs3rKw1N34kTC0kC6-6-yqpRT2a-vZx-SaS6XSHBwUSHgpTf2DRorXk3eRsg7hNFiwlV0j_77SdR22IefZDa4ajkfYbZCEP8_9xl5MQNDPw0JMaI1agVDg1m-njRwLD7ngaDAuRjdYG3a2fVRjLjAFeebFF0wmfByw23KTNL96o70OdnS1c27Jj7F_Lz8To6SZnHGcuV-OExUYvEwubQtCxbh9WDOwU-YZdtSq0uGpTvY_7JjSHywnoFGAqlKAGFkjWSgxRWHH8Yzg4iTv6zTd2-KEm-p_PTilYxvRbx39-wGeOcm_DcJvNw_X6gSDKr7EzecKllv536vblhnJEAHh40Xt5CbApSdHRU8GqPVSkaGEl1y-0iTdL6xuOP64K1_wkEHh_fpPBjITxh0uygvEJb59pmJOgnr8yT06oESP3yA8KPiW2owfl72VOH-UyZX2nBAPfdW79mGhiaf3EQM5mwaJXK1sqalQcSyKvjDZe3NJR1nynu-3HsozjLyDRVWXmKLfdmjiA9kE0DwdB7jvryo13QrGlt3GFqIr_kfebUC1V6jUwJKxs_BE4S1DfRlR-cFk76kwhCSbQRBie2CKrcUdxmH10JmNuW57V8orpwXkjCo0oiT4fzH0QOc68a6Or7LTJskbIb4hTU8PnXi6VQ96FyEOuRDeRB46xue3edof8e1Oq9ggCneE71sF7BHkznVZ1mIjyJpK-qmfNlgHNtdJQ5ZfcPZ2aBeyhijUYxw5qGfcR9fGfCH_9Ciu8mix_5dNdWR_zo8fhbJj2AguDCvhNKY2eN45WsDYg3Zjb1gcxMeyE2AgpgNwuOVKgX21GsQcr6mxE6dsj9E6hK7kFp4rifuQgGnYBkMyN-Tudkaq4xy93apiXbASwuRc7PFq4w_-sFPxbQxe883ZWt6qeLbkDnjLmPdNBJen73x5i80sXHps1WR_umtZeOpJ3ifkkB2o9JeIxyBwPPG8ftL8YoQZR5k9cjClyl4zlhoyjnlD6P3iD40kfc71MJO7CEVbj3_lWgiSxZD1Sf1djBm_hKujpuzhRUH3BQb03w1p8Gpv_0PjdSFK6KM8_MZCZeyo7TY4GHU_PFigyxwR6rMF9o2r1PZoV90E7I_gQAkXN3ftBnmVkl6k0Ks0fmsr19uLBS36ItUL4DEjobR7zjvQXG1Wg6m6G1TU9TLjcDDkNyaM2IDWGUOzIUzhNz9uBEYWswMvSX8oVq3AEFiZa5ET_h53ilEcad6nn9Ik_wvMsHVDvN4P4eN5FPhZBErBVmhJczT-q8uFLpq7cGI_LbpRhYT-V5aDJGioiS4FZZx0L1bBc2qJHC-OsJMAA_3cuAimTM19YAT0iySX-oQd7ReLpkA8DkSV9pPXzwynyBMTQ3tgm_H1TtPVImq_Hl15syiFjePbjhXu0Jze9CSx3VYsB61S1AOz54MLHjTRFFlfdXB6l2GZdPsBqgAsvtIY_8U0316vjx2XvsuzxuUCbtcTHDVEYr35tNLUQ7iz9hWINazqr8w3kAh5TvZzJVKCjGkQGCcVxRohqpjwWMbQ0QU9XESg_5ZgrxunU6X9jQG0KvBPf8GO8XoqbuyGb7AoSWQg_9f3BdgkuFST-JQGj6DTw_zs759e_qCOLPoHOoTYFKivLcw-12ppcEbvMiFrUa94dGdfo9yd-J5ilss-FjqZMLEe_HIVbqQ2iKdQbZU7aZuLcZjw-bItFZnYoERHbOw--y6bhuRQN5txvzpSnWAeT2LIQVabk_RAsbGY_wC07SYay-_75GX_OhfcyBiGZH43ZFbdWZjg7r6A65abPjnAXqipNfTnHKmNikEN8SGZD5ji025_cxen9T2jCEUcH95BReE74pBXKwzDmDv3lXd5eeFL_PNVtCtftOjZqVglGnAEBbbvcDrOesP0bNlF3bSKTofJG2slbl_WLztlwUudVFbeoHR_Yf2h0RRpnUJUbJpWkaSGjS_bF_7ObF1jIahZN4kyU01hL8fhesBkKvtApFQHpYlO_oBl3F3NdwRnbP0VnE7Pot_ayFDRKecb6qHhFPHzODloGlAjGx2jkrYOiBcOXMGjR3d-CjdF9qrDo3JQw1CCieGwlGV1Rlg2uxPL8rmorD3wGyanKF4X6E9Qp44kriWPhGmilZ62GLAXlzOKlc_-2bsvy358tN_IoZfZXe-czdqlepXsSzRwhOsRsDvsx9a2J3Xw3l7dGg9BlSS7YFjmbLXhXb_nRKtBQ6IYqMr0-Yw5mEhT3P_AcpSASdbZXRFWEZYdMd7oEEhZ5YWVzwfoZD4QfHZxleNUmb5TmiG_ew_IOBn7d4T64TVONp2FHHpk1TTknOdUYSy93a77GA_yFB0CiUKLyTA9SoHsKP07GFf7Gkl7X8Nm96FeemYUAi0CBoqCC-_51GKK9Y4JaSz6tZchbTGM1C2wTYYUqwr_Mm5lI5TYaZPsAI_x9HjcBQ4YMvly9fAfdZ3wlaUIbXmaXP4_YBonyfPdOvN1MPJl8oGjB6ndVOB4OPEQ4CmnvoGckjp95D7X4aou72096l8WdnCLTN4vgWBsJlYvdowFroa3ko0PjBW5PLH8c5x4CkQ-YBqlVk0UVMsDO8Z7iyNZQTuZWP0tFJDwSak45bv23NlhN30gbMMt8-S8Vv4jwxwQfIot6MUYEfCn0Ko6gi2IOcLtV1lb0f2wkwtmD_lxWdkfR1mcTj52T8N-znYhGpPbMFkUfVFvTW04hq4gFyyOIFgRid8iIx9GryY_z6QK1v-FvZqkPJ--_grTzUbLrBU1BOU-YVwnWXWt4Ss7BuapkmuOgz48xzDAS_6nZMIStys6bbXA3f-qPfj6tyCkPXWAmtKM5U1g4bpM8n1aclj3mr8En92UuOaT997DO9YzCpdNnpuh101hXTGJ5Mg83GgqMty34PcysUB0aXWnEx3Bz0MLqNNdOol__Dc__hJNtG_YLUKFLe3nhIwcaDrOO7YtoMGUBcQBM4VEkKzKqYEZ_xaCozBOFLxrxn3u4vYrmSiQdoeYObEcA1EGRvG_C4Rmrh4ba9NjZ9BbzxlkiLyw2yx2BHJXsFPLS1gBt5EXM9f_jkAZPlK7Zx7m1giYNfk0P5YwIpYlkm11KIyzu0tEjMMEfqoic9OyvCL5W8kGQIIxNNAYagJPAvBSXKLKGmirwlNVr2Z-trJqkLhCz_LkSrbFWQ7qplDgQ2KlQVVGlx7uoq5B3UEljRc_UrazI5QLnJDsDA6Yfzt3piWKIyi27xzz2KKDT58NTBciV8mIX9JIwz2xhb0yDBRKLN0fBtV4NOkdtnQJQEi7a2DpmYSIvpyFkbpeyKPFkXK_I8VUsxBt8m4XgTKmg9oj_mVcBSh_JH_8_o9IF8osucKmfwlgLeb0iryhIqca0DehUAmZFzX4hCm2qJN3zQKBDoTJzvIZI7K3iRE9ARwdIjmS4TwCU3EE5PK3ojlpQa3Js5_pxcXr-9MX5jvtAQXvVwD-bOG0mDd5TWfVyPDXnhdYDck9uipWBRhkN3bM38nkWJ9ALa9Ryx095mXuBO5U3qp5WnLuw3WlVXoU4FyKSw73cdBF8YwgLlKRMPGo9a2eF6fJiC7cpnh4SEjHgNXmwMUti3lqo3skytxuNV2YbbyKhVD04DRmAfjyrkyTSfiluEPXxZq8rA1UOK-UTNOFuiCmDFP36SN_o2bjpGXogEaJkfm775Srl0QaldMY_pMFMQl6TkoOKCCbyY_krgwXwRcf2cHMiKwC0fMlrBbkuNdsElAclWpAdCOjhp9dqfwkaxdW-WYImGGRBflkA9eba3M-d7sN1s4WAYYPpJaSqzLsW54EwZrTSuGuNxrmuuj5p53khCAroVVWrSe8Y09TUBwFrh1ba18aba5bEnNWUjmjhHgAMzodxCTNvIyJQepHaH9; _oauth2_proxy_1=TfxElq2137H6WI4IPeUo7XByaIHo-5gkuCl7YDk7wGPAtDqYRXBna7t-G3eIe-A8pSADpF_8e2Bb-E7lB9FGa2m5ipY5BN0iB51N2V_N4ZQS2pZw8B1zvDnJi1Lr45cavuT6T8E0sqrFXWOXOSdvQFz2P|1663082230|zdFzWYR9yQaaUcNO0TIXPxkStoQFqbot5fa2RiJ5iOw=
Host: 127.0.0.1:4180
sec-ch-ua: "Microsoft Edge";v="105", " Not;A Brand";v="99", "Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.33
Back to Top