[keycloak-user] Need help getting authorization code flow working
David Erie (US)
David.Erie at datapath.com
Fri Sep 7 17:44:40 EDT 2018
Hi,
I am having trouble exchanging an OIDC auth code for an access token after logging in with Keycloak. I am getting this error back in the response:
{error: "invalid_grant", error_description: "Code not valid"}
The Keycloak log has these entries:
WARN [org.keycloak.services.managers.CodeGenerateUtil] (default task-51) Code '6023c45e-c4de-4094-a29e-f8ef36b5a937' already used for userSession 'e8eb1e32-dbed-42d9-97f3-fc8e5be6e6ae' and client 'cb65bac8-abdb-4e55-b098-efa686127460'.
WARN [org.keycloak.events] (default task-51) type=CODE_TO_TOKEN_ERROR, realmId=<snip>, clientId=<snip>, userId=null, ipAddress=<snip>, error=invalid_code, grant_type=authorization_code, code_id=e8eb1e32-dbed-42d9-97f3-fc8e5be6e6ae, client_auth_method=client-secret
My request looks like this:
http://<snip>/auth/realms/<snip>/protocol/openid-connect/token
Headers:
Authorization: Basic <snip>
Content-Type: application/x-www-form-urlencoded
Form data:
grant_type=authorization_code&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..Z5T9_-SBkuEy25gr8rUyrQ.L4_ZTTybr9vWOli6Yb42Qk1vfGGmCIk3hdNHF9-y7khYqoDG_MH8f9_qQqF83v9kjLOUT8vDNpH9Eu7QFB8hnWnVXbAuwJbJNz5b8ui_7fvZsxcr3PPzpaLEXLW16unghsLtToqXy8sWcFq-ceSJ8ebmyoFNkEUG_1sy0-02iK7s2TConuXTkhVeSvDj4sPz3TsllIP0ZxxfX3TSgrmgd7TfZnw4-JZy1M3blqC6i8Ba9F3t_XrER-HeaxHgpj6K.asPxD74Yr-k2wDeAsTRlZw&redirect_uri=<snip>
I am not using the Keycloak JS adapter (it's a long story), but I'm using it as a guide for what to do after getting the code back in order to get the tokens.
Any help would be appreciated.
Thank you,
Dave
More information about the keycloak-user
mailing list