Caddy auth with jwt

Dear caddiers :wink:

I try to use the authenticated user from KC (Keycloak) to access a resource on a Caddy web server.

I try to use the caddy module:

I have a realm called “customer001”.
I don’t know which of the secrets from KC I should put into JWT_SECRET.
The caddy module uses this environment variable JWT_SECRET to check if the JWT is valid.

The jwt looks like this.

```
"jti": "",
"exp": ,
"nbf": 0,
"iat": ,
"iss": "https://kc./auth/realms/customer001",
"aud": "portal",
"typ": "Bearer",
"azp": "portal",
"nonce": "",
"session_state": "",
"client_session": "",
"allowed-origins": [
"resource_access": {
"account": {
"roles": [
"name": "Full NAME",
"preferred_username": "MY_EMAIL@MY-DOMAIN",
"given_name": "GN",
"family_name": "FN",
```

So when I try to access the resource I always get a 401.

```
curl -vo /dev/null -H 'Authorization: Bearer '$(<lll) https://www.MY-DOMAIN/download/linux.tar.gz
```

caddy config

```
http://:2015 {
    redir 301 {
        if {path} not_match ^/download.*
        / https://{$REDIR_DOMAIN}/
    }

    realip {
    }

    log stdout
    errors stdout

    tls off

    jwt {
        path /download
        allow iss https://kc./auth/realms/customer001
        allow aud portal
    }
}
```

Any hint?

BR aleks
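
An added diagnostic example, not part of the original post and not the Caddy module's code: the token's `alg` header decides whether a verifier needs a shared secret (HS*) or the issuer's public key (RS*/PS*/ES*), and the claims can be compared with the `allow iss` / `allow aud` rules before debugging a 401. The host `kc.example.test`, the sample token and all function names are constructed for illustration; nothing here verifies a signature.

```python
import base64
import json
import time

def encode_segment(obj):
    """Build one unpadded base64url segment (used only for the constructed sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_segment(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def key_material_for(alg):
    """Map the JWS 'alg' header to the kind of key a verifier must hold."""
    if alg.startswith("HS"):
        return "shared secret (HMAC)"
    if alg[:2] in ("RS", "PS", "ES"):
        return "issuer's public key"
    return "unsupported"  # includes 'none', which a verifier must reject

def diagnose(token, expected_iss, expected_aud, now=None):
    """Inspect a token WITHOUT verifying it; report alg, key type and claim mismatches."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return {"key": None, "problems": ["not a three-part compact JWS"]}
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    problems = []
    if claims.get("iss") != expected_iss:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    if claims.get("exp", 0) <= now:  # a missing exp is reported as expired
        problems.append("expired")
    if claims.get("nbf", 0) > now:
        problems.append("not yet valid")
    alg = header.get("alg") or ""
    return {"alg": alg, "key": key_material_for(alg), "problems": problems}

# Constructed sample: placeholder issuer host, dummy signature segment.
EXPECTED_ISS = "https://kc.example.test/auth/realms/customer001"
SAMPLE_TOKEN = ".".join([
    encode_segment({"alg": "RS256", "typ": "JWT"}),
    encode_segment({"iss": EXPECTED_ISS, "aud": "portal", "exp": 2000, "nbf": 0}),
    "c2ln",
])

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, EXPECTED_ISS, "portal", now=1000))
```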
