[keycloak-dev] 2.3.0.Final error when refreshing half-way into browser auth flow

Martin Hardselius martin.hardselius at gmail.com
Fri Oct 28 10:01:06 EDT 2016


There seems to be a problem with refreshing in the middle of browser auth
flow with more than one authenticators configured. The problem also appears
when refreshing the consent view.

ClientSessionCode#verifyCode() fails.

This was not an issue pre 2.3.0.Final to my knowledge.

Steps to reproduce the error.

1. Create a user
2. Log into the account client
3. Configure OTP
4. Logout
5. Login username/password
6. Refresh the page asking for OTP

or

1. Tick 'require consent' for the account client
2. Try to log in to the account client
3. Refresh consent view

Is this intended behaviour as of now, or is it an actual bug introduced in
the latest build?


More information about the keycloak-dev mailing list