Thank You. I have not used Keycloak before. I will let you know if I post a video using keycloak. I hope it should work the same way as any other Identity Provider.

@@securityinaction1018 The workflow is indeed same but I am getting 561 Authentication Error for some reason.

I think it should be some configuration issue in KeyCloak or ALB. You can check if this solution works. stackoverflow.com/questions/62820277/aws-application-load-balancer-with-onelogin-giving-561-authentication-error#:~:text=HTTP%20561%3A%20Unauthorized%20You%20configured,code%20when%20authenticating%20the%20user

This ALB setup uses OIDC Authorization code grant flow which involves user interaction. For M2M or Machine-To-Machine APIs, you can use AWS API gateway. Front-end app can be behind ALB which will perform a user authentication and generate ID, Access & Refresh tokens. Backend APIs can be behind API Gateway which will validate the access token to allow / deny access.

Are you referring to the lambda function that returns the headers? If so, please share the code here and I can check it.

Yes, I am not sure how to write it, if you could help with some example method. Thanks

Please watch this video kzbin.info/www/bejne/aWKngoyiqap_nZo to create that lambda function. This link is also available in the details section.