[keycloak-user] Admin access token
Yegui Cai
caiyegui at gmail.com
Thu Aug 16 19:18:00 EDT 2018
I was using 4.1.0.
I will see if I can reproduce it.
Thanks.
On Thu, Aug 16, 2018 at 7:06 PM Dmitry Telegin <dt at acutus.pro> wrote:
> Hi Yegui,
>
> I kept curl running in cycle for ~15mins, but couldn't reproduce the
> issue. What version of Keycloak are you using? Could you try latest stable?
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> <https://maps.google.com/?q=Pod+lipami+street+339/52,+130+00+Prague+3,+Czech+Republic&entry=gmail&source=g>
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Thu, 2018-08-16 at 15:00 -0400, Yegui Cai wrote:
> > Hi all.
> >
> > I am using the admin REST api to obtain an access token using curl:
> > curl --insecure -i --request POST
> > https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token
> > --header 'Accept: application/json' --header 'Content-Type:
> > application/x-www-form-urlencoded' --data
> > 'grant_type=password&username=admin&password=admin&client_id=admin-cli'
> >
> >
> > The problem is after my standalone Keycloak running for a while (in
> between
> > I keep curling access token), I can not get token anymore. The out put of
> > curl is:
> >
> > {"error":"invalid_grant","error_description":"Invalid user credentials"}%
> >
> > > From TRACE level log, I read the following:
> >
> > 2018-08-16 14:42:23,438 DEBUG
> > [org.keycloak.transaction.JtaTransactionWrapper] (default task-3) new
> > JtaTransactionWrapper
> >
> > 2018-08-16 14:42:23,439 DEBUG
> > [org.keycloak.transaction.JtaTransactionWrapper] (default task-3) was
> > existing? false
> >
> > 2018-08-16 14:42:23,454 TRACE
> > [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory]
> (default
> > task-3) Create JpaConnectionProvider
> >
> > 2018-08-16 14:42:23,457 TRACE
> > [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> > by id cache hit: master
> >
> > 2018-08-16 14:42:23,495 DEBUG
> > [org.keycloak.authentication.AuthenticationProcessor] (default task-3)
> > AUTHENTICATE CLIENT
> >
> > 2018-08-16 14:42:23,497 TRACE
> > [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> > Using executions for client authentication:
> > [33858fd1-64d3-42ae-8713-7a98e7e83700,
> > 63bca01e-0342-4150-9b9c-7e7ceaeda8c6,
> 9b46d8e9-0331-4554-8d84-0ad8d5944b3e]
> >
> > 2018-08-16 14:42:23,497 DEBUG
> > [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> > client authenticator: client-secret
> >
> > 2018-08-16 14:42:23,510 TRACE
> > [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> > adding client by name cache miss: admin-cli
> >
> > 2018-08-16 14:42:23,515 TRACE
> > [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> > client by id cache hit: admin-cli
> >
> > 2018-08-16 14:42:23,516 DEBUG
> > [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> > client authenticator SUCCESS: client-secret
> >
> > 2018-08-16 14:42:23,517 DEBUG
> > [org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
> > Client admin-cli authenticated by client-secret
> >
> > 2018-08-16 14:42:23,519 DEBUG
> >
> [org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory]
> > (default task-3) [null] Registered cluster listeners
> >
> > 2018-08-16 14:42:23,523 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: ADD on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,527 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,528 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,528 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,529 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,529 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,530 TRACE
> > [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> > client by id cache hit: admin-cli
> >
> > 2018-08-16 14:42:23,530 DEBUG
> > [org.keycloak.authentication.AuthenticationProcessor] (default task-3)
> > AUTHENTICATE ONLY
> >
> > 2018-08-16 14:42:23,532 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,533 TRACE
> > [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
> > client by id cache hit: admin-cli
> >
> > 2018-08-16 14:42:23,534 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > processFlow
> >
> > 2018-08-16 14:42:23,534 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > check execution: direct-grant-validate-username requirement: REQUIRED
> >
> > 2018-08-16 14:42:23,534 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator: direct-grant-validate-username
> >
> > 2018-08-16 14:42:23,534 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > invoke authenticator.authenticate: direct-grant-validate-username
> >
> > 2018-08-16 14:42:23,535 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,535 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getUserByUsername: admin
> >
> > 2018-08-16 14:42:23,535 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > query null
> >
> > 2018-08-16 14:42:23,583 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,583 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator SUCCESS: direct-grant-validate-username
> >
> > 2018-08-16 14:42:23,584 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:23,584 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > check execution: direct-grant-validate-password requirement: REQUIRED
> >
> > 2018-08-16 14:42:23,584 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator: direct-grant-validate-password
> >
> > 2018-08-16 14:42:23,584 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:23,584 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:23,584 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > invoke authenticator.authenticate: direct-grant-validate-password
> >
> > 2018-08-16 14:42:23,584 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:23,584 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:24,010 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator SUCCESS: direct-grant-validate-password
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:24,010 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > check execution: direct-grant-validate-otp requirement: OPTIONAL
> >
> > 2018-08-16 14:42:24,010 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator: direct-grant-validate-otp
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:24,010 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > invoke authenticator.authenticate: direct-grant-validate-otp
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:24,010 DEBUG
> > [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
> > authenticator ATTEMPTED: direct-grant-validate-otp
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
> > (default task-3) Adding cache operation: REPLACE on
> > d43ccba6-2640-48a6-9c21-0f777b2fd972
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:24,010 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > return managedusers
> >
> > 2018-08-16 14:42:24,014 DEBUG
> > [org.keycloak.authentication.requiredactions.VerifyEmail] (default
> task-3)
> > User is required to verify email
> >
> > 2018-08-16 14:42:24,014 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
> >
> > 2018-08-16 14:42:24,015 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
> > registered for invalidation return delegate
> >
> > 2018-08-16 14:42:24,017 TRACE [org.keycloak.events] (default task-3)
> > type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null,
> > ipAddress=127.0.0.1, error=resolve_required_actions,
> > auth_method=openid-connect, grant_type=password,
> > client_auth_method=client-secret, username=admin, requestUri=
> > https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token,
> > cookies=[]
> >
> > 2018-08-16 14:42:24,027 TRACE [org.keycloak.services.resources.Cors]
> > (default task-3) No origin header ignoring
> >
> > 2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
> > (default task-3) No origin header ignoring
> >
> > 2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
> > (default task-3) No origin header ignoring
> >
> > 2018-08-16 14:42:24,030 DEBUG
> > [org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
> > JtaTransactionWrapper commit
> >
> > 2018-08-16 14:42:24,032 DEBUG
> > [org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
> > JtaTransactionWrapper end
> >
> > 2018-08-16 14:42:24,034 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
> > Removed key='master.username.admin',
> > value='UserListQuery{id='master.username.admin'realmName='master'}' from
> > cache
> >
> > 2018-08-16 14:42:24,036 TRACE
> > [org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
> > Removed key='b0942806-9744-4571-9216-d9fb57bd9d2f',
> > value='org.keycloak.models.cache.infinispan.entities.CachedUser at 2ae0edf1
> '
> > from cache
> >
> > 2018-08-16 14:42:24,037 TRACE
> > [org.keycloak.cluster.infinispan.InfinispanNotificationsManager] (default
> > task-3) Sending event with key 5daeb51e-3aac-4c81-add1-4e24209e62b4:
> > UserUpdatedEvent [ userId=b0942806-9744-4571-9216-d9fb57bd9d2f,
> > username=admin, email=null ]
> >
> > 2018-08-16 14:42:24,065 TRACE
> > [org.keycloak.connections.jpa.DefaultJpaConnectionProvider] (default
> > task-3) DefaultJpaConnectionProvider close()
> >
> >
> >
> >
> > Could it be a potential bug? Or the way I use the admin rest api is not
> > right?
> >
> >
> > Thanks a lot!
> >
> > Y.
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list