Still, I would try to upgrade to 3.2.0.Final if possible. AFAIK there were
some related fixes in there, so it's worth trying if it's not a lot of work
for you. Otherwise, the workaround is to disable PKCE for your adapter, which
will also remove all related parameters from the initial request to
Keycloak.
Marek
On 11/07/17 16:38, Federico Navarro Polo - Info.nl wrote:
Hello,
After upgrading our Keycloak version to 3.1.0, we’ve started seeing the following error
in one of our use cases (using AppAuth).
2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE supporting Client, codeVerifier = KX3heFUICMscL03Xv_STmf5hgRSsvm5VxnN0DIQob5wRAIGFyVqCn6hQ6w9exPyUtFaMcue1Uole-bTdHP6KaA
2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE codeChallengeMethod = S256
2017-07-11 16:21:12,135 WARN [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE verification failed. authUserId = a71bd8ee-fe4b-4259-81c5-5e8e09940f47, authUsername = someone(a)somewhere.nl
2017-07-11 16:21:12,136 WARN [org.keycloak.events] (default task-24) type=CODE_TO_TOKEN_ERROR, realmId=x, clientId=x, userId=a71bd8ee-fe4b-4259-81c5-5e8e09940f47, ipAddress=x.x.x.x, error=pkce_verification_failed, grant_type=authorization_code, code_id=1cf7b8f2-5462-4cf4-a228-ba0cc4501e82, client_auth_method=client-secret
I saw this bug report, which could be related to the issue (still open for 3.2.0 as
well):
https://issues.jboss.org/browse/KEYCLOAK-4956
Is it possible to disable PKCE from Keycloak configuration?
Kind regards,
Federico Navarro
backend developer
federico@info.nl | LinkedIn: https://www.linkedin.com/company/info-nl | +31 (0)2 05 30 91 61
info.nl
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 9100
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
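
For debugging a `pkce_verification_failed` event like the one in the log above, here is an added example (not from this thread and not Keycloak's code) that recomputes the S256 challenge as RFC 7636 defines it and classifies a few encoding mix-ups between client and server. The function names and the set of mix-ups checked are assumptions of this example; the sample values are the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import re

# RFC 7636 section 4.1: code_verifier is 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# RFC 7636 Appendix B test vector (not taken from the thread).
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def diagnose(code_verifier: str, code_challenge: str) -> str:
    """Classify how a received code_challenge relates to a code_verifier."""
    if not VERIFIER_RE.fullmatch(code_verifier):
        return "invalid_verifier"
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    expected = s256_challenge(code_verifier)
    std = base64.b64encode(digest).decode("ascii")
    # Ordered so the correct encoding wins when two candidates coincide.
    checks = [
        (expected, "ok"),
        (expected + "=", "padded_base64url"),      # padding not stripped
        (std, "standard_base64"),                  # '+' and '/' alphabet
        (std.rstrip("="), "standard_base64"),
        (code_verifier, "plain_sent_as_s256"),     # verifier sent unhashed
        (digest.hex(), "hex_digest"),              # hex instead of base64url
    ]
    for candidate, verdict in checks:
        if code_challenge == candidate:
            return verdict
    return "mismatch"


if __name__ == "__main__":
    print(diagnose(RFC_VERIFIER, RFC_CHALLENGE))
```

Feed it the `codeVerifier` from the token endpoint's DEBUG line and the `code_challenge` the client sent in the authorization request to see which side deviates.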