[keycloak-dev] Force Token Authentication Method

Tech tech at psynd.net
Tue Mar 14 13:04:12 EDT 2017

Dear experts,

we are integrating an application, Moodle, that apparently has an 
openIdConnect plugin that is already working with Azure (we tested alredy).

Changing the IDP from Azure to Keycloak, we get the following error:

"Error in OpenID Connect: Code not valid"

line 54 of /auth/oidc/classes/utils.php: moodle_exception thrown
line 252 of /auth/oidc/classes/oidcclient.php: call to 
line 197 of /auth/oidc/classes/loginflow/authcode.php: call to 
line 85 of /auth/oidc/classes/loginflow/authcode.php: call to 
line 105 of /auth/oidc/auth.php: call to 
line 29 of /auth/oidc/index.php: call to auth_plugin_oidc->handleredirect()

Where the Code has the following format: 

We opened the .well-known and we have: 
"token_endpoint_auth_methods_supported": "private_key_jwt", 
"client_secret_basic", "client_secret_post".

Checking online


We found out the identical stack trace and that other person resolved 
the issue changing the Token Authentication Method to 
client_secret_post, but from the .well-known, we saw that it's already 
between the accepted auth methods for our Keycloak.

Have you any advise?


More information about the keycloak-dev mailing list