[keycloak-user] error=pkce_verification_failed
Marek Posolda
mposolda at redhat.com
Tue Jul 11 16:56:20 EDT 2017
Still I would try to upgrade to 3.2.0.Final if possible. AFAIK there was
some related fixes in there, so worth to try if it's not a lot of work
for you. Otherwise workaround is to disable PKCE for your adapter, which
will also remove all related parameters from the initial request to
Keycloak.
Marek
On 11/07/17 16:38, Federico Navarro Polo - Info.nl wrote:
> Hello,
>
> After upgrading our Keycloak version to 3.1.0, we’ve started seeing the following error in one of our use cases (using AppAuth).
>
> 2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE supporting Client, codeVerifier = KX3heFUICMscL03Xv_STmf5hgRSsvm5VxnN0DIQob5wRAIGFyVqCn6hQ6w9exPyUtFaMcue1Uole-bTdHP6KaA
> 2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE codeChallengeMethod = S256
> 2017-07-11 16:21:12,135 WARN [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE verification failed. authUserId = a71bd8ee-fe4b-4259-81c5-5e8e09940f47, authUsername = someone at somewhere.nl
> 2017-07-11 16:21:12,136 WARN [org.keycloak.events] (default task-24) type=CODE_TO_TOKEN_ERROR, realmId=x, clientId=x, userId=a71bd8ee-fe4b-4259-81c5-5e8e09940f47, ipAddress=x.x.x.x, error=pkce_verification_failed, grant_type=authorization_code, code_id=1cf7b8f2-5462-4cf4-a228-ba0cc4501e82, client_auth_method=client-secret
>
>
> I saw this bug report, which could be related to the issue (still open for 3.2.0 as well): https://issues.jboss.org/browse/KEYCLOAK-4956
>
> Is it possible to disable PKCE from Keycloak configuration?
>
>
> Met vriendelijke groet,
>
> Federico Navarro
>
> backend developer
>
> federico at info.nl<mailto:federico at info.nl> | LinkedIn<https://www.linkedin.com/company/info-nl> | +31 (0)2 05 30 91 61<tel:+31205309161>
>
> info.nl<http://www.info.nl/>
>
> Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 9100<tel:+31205309100>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list