[keycloak-dev] 2.3.0.Final error when refreshing half-way into browser auth flow
Martin Hardselius
martin.hardselius at gmail.com
Fri Oct 28 10:01:06 EDT 2016
There seems to be a problem with refreshing in the middle of browser auth
flow with more than one authenticators configured. The problem also appears
when refreshing the consent view.
ClientSessionCode#verifyCode() fails.
This was not an issue pre 2.3.0.Final to my knowledge.
Steps to reproduce the error.
1. Create a user
2. Log into the account client
3. Configure OTP
4. Logout
5. Login username/password
6. Refresh the page asking for OTP
or
1. Tick 'require consent' for the account client
2. Try to log in to the account client
3. Refresh consent view
Is this intended behaviour as of now, or is it an actual bug introduced in
the latest build?
More information about the keycloak-dev
mailing list