The error message indicates that the redirect_uri in the authorization request doesn't match the value in the token request. From what you've pasted it looks correct, but you should double check that the values are indeed the same. May be some double encoding issue? On Fri, 23 Aug 2019 at 20:36, Julián D. Zorzenón <comm.ass(a)gmail.com&gt; wrote: > Hi, > > I'm trying to setup a public client in Keycloak 6.0.1 to make an > Authorization Code Flow to work but it fails on the post after the > redirect. > > 1. I've create the following client in the realm "test": > client id => keycloak-java-form-example > enabled => on > client protocol => openid-connect > access type => public > standard flow enabled => on > valid redirect uris => http://localhost:9090/* > > 2. Manually created a user. > 3. Created a simple app. When you go to http://localhost:9090/ it > redirects > to: > > > https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/aut... > > 4. I log in in the form and get the response on the endpoint > http://localhost:9090/cb with a code (for example: > > 337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2). > > 5. I make the following POST request: > POST > > https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/token > grant_type=authorization_code > <https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/tok... > client_id=keycloak-java-form-example > > code=337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2 > redirect_uri=http%3A%2F%2Flocalhost%3A9090%2Fcb > > The response is: > 400 > {"error":"invalid_grant","error_description":"Incorrect redirect_uri"} > > I'm not sure what I'm missing. > > Thanks > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >