Are you intending to use a confidential or public client?
Typical setup of the JavaScript adapter is public.
Reason I ask is in your error I see...
client_auth_method=client-secret
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Robert Parker <robert.parker(a)weareact.com>
Sent: Thursday, August 24, 2017 9:21:18 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] CODE_TO_TOKEN_ERROR - Could not obtain grant code error
Hi,
I have just started using keycloak and am using the nodejs adapter which I have configured
and have my client application being redirected to the keycloak login screen.
When attempting to log in I am seeing a 'Could not obtain grant code error' from my
express server log, and in our keycloak server log I see the following:
12:07:12,341 WARN [org.keycloak.events] (default task-30) type=CODE_TO_TOKEN_ERROR,
realmId=myrealm, clientId=client-test, userId=xxx, ipAddress=xxx.xxx.xxx.xx,
error=invalid_code, grant_type=authorization_code,
code_id=13f4c40b-667c-4750-a19e-d21219736c12, client_auth_method=client-secret
We are making use of the authorization code flow, and I think I am correct in believing
the first step of authenticating the user is completing as I see cookies are being set for
AUTH_SESSION_ID, KEYCLOAK_SESSION and KEYCLOAK_IDENTITY.
The error I am seeing gets invoked when a GET request is made back to my client
application with an auth_callback querystring:
http://localhost:5001/?auth_callback=1&state=05eda0dd-2a51-4b68-b87e-...
I can see a code param is present here, part of which contains the code_id referenced in
the keycloak log - 13f4c40b-667c-4750-a19e-d21219736c12
I haven't come across anything in the docs when I started setting up my
realm\client\users that mentions anything about these codes, have I possibly missed a
configuration step?
Thanks
________________________________
Robert Parker - Front End Developer
Applied Card Technologies Ltd
Cardiff Office
14 St Andrews Crescent
Caerdydd
Cardiff
CF10 3DD
+44 (0) 2922 331860
Robert.Parker(a)weareACT.com
www.weareACT.com
Registered in England : 04476799
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user