Too many redirects - Keycloak Authentication

I’m trying to integrate keycloak following the documentation here.
The error I get is ERR_TOO_MANY_REDIRECTS on Chrome. Could anyone help me figure out what is wrong?
(As a first time user, I can’t post links, so I’ve tried to obfuscate it a bit :frowning: )

My config.yaml file.

    OAUTH2_AUTHORIZE_URL: my-keycloak-site/auth/realms/15rock/protocol/openid-connect/auth
    OAUTH2_TOKEN_URL: my-keycloak-site/auth/realms/15rock/protocol/openid-connect/token
    OAUTH_CALLBACK_URL: my-notebook-site/hub/oauth_callback
    type: custom
      className: oauthenticator.generic.GenericOAuthenticator
        login_service: "keycloak"
        client_id: "jupyterhub"
        client_secret: "mysecret"
        token_url: my-keycloak-site/auth/realms/15rock/protocol/openid-connect/token
        userdata_url: my-keycloak-site/auth/realms/15rock/protocol/openid-connect/userinfo
        userdata_method: GET
        userdata_params: {'state': 'state'}
        username_key: preferred_username

My URL which fails


My Keycloak setting:

client id: jupyterhub
Valid Redirect URIs: my-notebook-site/hub/oauth_callback

I ran into this issue for a little while using our own custom oauth service but I think the solution will likely be the same.

The issue for me was that the callback URI needed to be set in both locations. I am not positive on Keycloak, but you probably need to not only authorize that callback URI as a valid redirect URI (which I see that you have done), but also configure the specific application (the one where you generated your secret keys from) in Keycloak to actually use the callback URI.

I suspect more configuration on the Keycloak end of things is your ticket here.

Additionally, the POST body of authenticate in the generic authenticator omits the client_id and client_secret values by default. (They are not passed in just because you set them in your auth.custom.config.client_secret/id.) To get these values in your POST body you will also need to add the following:

        client_id : 'ID'
        client_secret: 'SECRET'

I got it to work. I think the issue is on the jupyterhub side where it is not recognizing the environment variable. Pleas see my comment here and the solution just below