[keycloak-user] Admin access token

Dmitry Telegin dt at acutus.pro
Thu Aug 16 19:06:01 EDT 2018 

Hi Yegui,

I kept curl running in cycle for ~15mins, but couldn't reproduce the issue. What version of Keycloak are you using? Could you try latest stable?

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Thu, 2018-08-16 at 15:00 -0400, Yegui Cai wrote:
> Hi all.
> 
> I am using the admin REST api to obtain an access token using curl:
> curl --insecure -i --request POST
> https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token
> --header 'Accept: application/json' --header 'Content-Type:
> application/x-www-form-urlencoded' --data
> 'grant_type=password&username=admin&password=admin&client_id=admin-cli'
> 
> 
> The problem is after my standalone Keycloak running for a while (in between
> I keep curling access token), I can not get token anymore. The out put of
> curl is:
> 
> {"error":"invalid_grant","error_description":"Invalid user credentials"}%
> 
> > From TRACE level log, I read the following:
> 
> 2018-08-16 14:42:23,438 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-3) new
> JtaTransactionWrapper
> 
> 2018-08-16 14:42:23,439 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-3) was
> existing? false
> 
> 2018-08-16 14:42:23,454 TRACE
> [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (default
> task-3) Create JpaConnectionProvider
> 
> 2018-08-16 14:42:23,457 TRACE
> [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> by id cache hit: master
> 
> 2018-08-16 14:42:23,495 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-3)
> AUTHENTICATE CLIENT
> 
> 2018-08-16 14:42:23,497 TRACE
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> Using executions for client authentication:
> [33858fd1-64d3-42ae-8713-7a98e7e83700,
> 63bca01e-0342-4150-9b9c-7e7ceaeda8c6, 9b46d8e9-0331-4554-8d84-0ad8d5944b3e]
> 
> 2018-08-16 14:42:23,497 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> client authenticator: client-secret
> 
> 2018-08-16 14:42:23,510 TRACE
> [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> adding client by name cache miss: admin-cli
> 
> 2018-08-16 14:42:23,515 TRACE
> [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> client by id cache hit: admin-cli
> 
> 2018-08-16 14:42:23,516 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> client authenticator SUCCESS: client-secret
> 
> 2018-08-16 14:42:23,517 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> Client admin-cli authenticated by client-secret
> 
> 2018-08-16 14:42:23,519 DEBUG
> [org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory]
> (default task-3) [null] Registered cluster listeners
> 
> 2018-08-16 14:42:23,523 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: ADD on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,527 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,528 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,528 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,529 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,529 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,530 TRACE
> [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> client by id cache hit: admin-cli
> 
> 2018-08-16 14:42:23,530 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-3)
> AUTHENTICATE ONLY
> 
> 2018-08-16 14:42:23,532 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,533 TRACE
> [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> client by id cache hit: admin-cli
> 
> 2018-08-16 14:42:23,534 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> processFlow
> 
> 2018-08-16 14:42:23,534 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> check execution: direct-grant-validate-username requirement: REQUIRED
> 
> 2018-08-16 14:42:23,534 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator: direct-grant-validate-username
> 
> 2018-08-16 14:42:23,534 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> invoke authenticator.authenticate: direct-grant-validate-username
> 
> 2018-08-16 14:42:23,535 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,535 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getUserByUsername: admin
> 
> 2018-08-16 14:42:23,535 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> query null
> 
> 2018-08-16 14:42:23,583 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,583 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator SUCCESS: direct-grant-validate-username
> 
> 2018-08-16 14:42:23,584 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:23,584 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> check execution: direct-grant-validate-password requirement: REQUIRED
> 
> 2018-08-16 14:42:23,584 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator: direct-grant-validate-password
> 
> 2018-08-16 14:42:23,584 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:23,584 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:23,584 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> invoke authenticator.authenticate: direct-grant-validate-password
> 
> 2018-08-16 14:42:23,584 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:23,584 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:24,010 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator SUCCESS: direct-grant-validate-password
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:24,010 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> check execution: direct-grant-validate-otp requirement: OPTIONAL
> 
> 2018-08-16 14:42:24,010 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator: direct-grant-validate-otp
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:24,010 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> invoke authenticator.authenticate: direct-grant-validate-otp
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:24,010 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> authenticator ATTEMPTED: direct-grant-validate-otp
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> (default task-3) Adding cache operation: REPLACE on
> d43ccba6-2640-48a6-9c21-0f777b2fd972
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:24,010 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> return managedusers
> 
> 2018-08-16 14:42:24,014 DEBUG
> [org.keycloak.authentication.requiredactions.VerifyEmail] (default task-3)
> User is required to verify email
> 
> 2018-08-16 14:42:24,014 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> 
> 2018-08-16 14:42:24,015 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> registered for invalidation return delegate
> 
> 2018-08-16 14:42:24,017 TRACE [org.keycloak.events] (default task-3)
> type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null,
> ipAddress=127.0.0.1, error=resolve_required_actions,
> auth_method=openid-connect, grant_type=password,
> client_auth_method=client-secret, username=admin, requestUri=
> https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token,
> cookies=[]
> 
> 2018-08-16 14:42:24,027 TRACE [org.keycloak.services.resources.Cors]
> (default task-3) No origin header ignoring
> 
> 2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
> (default task-3) No origin header ignoring
> 
> 2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
> (default task-3) No origin header ignoring
> 
> 2018-08-16 14:42:24,030 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
> JtaTransactionWrapper  commit
> 
> 2018-08-16 14:42:24,032 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
> JtaTransactionWrapper end
> 
> 2018-08-16 14:42:24,034 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
> Removed key='master.username.admin',
> value='UserListQuery{id='master.username.admin'realmName='master'}' from
> cache
> 
> 2018-08-16 14:42:24,036 TRACE
> [org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
> Removed key='b0942806-9744-4571-9216-d9fb57bd9d2f',
> value='org.keycloak.models.cache.infinispan.entities.CachedUser at 2ae0edf1'
> from cache
> 
> 2018-08-16 14:42:24,037 TRACE
> [org.keycloak.cluster.infinispan.InfinispanNotificationsManager] (default
> task-3) Sending event with key 5daeb51e-3aac-4c81-add1-4e24209e62b4:
> UserUpdatedEvent [ userId=b0942806-9744-4571-9216-d9fb57bd9d2f,
> username=admin, email=null ]
> 
> 2018-08-16 14:42:24,065 TRACE
> [org.keycloak.connections.jpa.DefaultJpaConnectionProvider] (default
> task-3) DefaultJpaConnectionProvider close()
> 
> 
> 
> 
> Could it be a potential bug? Or the way I use the admin rest api is not
> right?
> 
> 
> Thanks a lot!
> 
> Y.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list