[keycloak-dev] Force Token Authentication Method
Tech
tech at psynd.net
Tue Mar 14 13:04:12 EDT 2017
Dear experts,
we are integrating an application, Moodle, that apparently has an
openIdConnect plugin that is already working with Azure (we tested already).
Changing the IDP from Azure to Keycloak, we get the following error:
"Error in OpenID Connect: Code not valid"
line 54 of /auth/oidc/classes/utils.php: moodle_exception thrown
line 252 of /auth/oidc/classes/oidcclient.php: call to auth_oidc\utils::process_json_response()
line 197 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\oidcclient->tokenrequest()
line 85 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\loginflow\authcode->handleauthresponse()
line 105 of /auth/oidc/auth.php: call to auth_oidc\loginflow\authcode->handleredirect()
line 29 of /auth/oidc/index.php: call to auth_plugin_oidc->handleredirect()
Where the Code has the following format:
"hZvVPC6iqBAZk9sXNbGGFa4hyHSdfLvsQ8adtGXS1dI8789b5e7-2d4f-4336-9896-981621969138"
We opened the .well-known and we have:
"token_endpoint_auth_methods_supported": "private_key_jwt",
"client_secret_basic", "client_secret_post".
Checking online
https://github.com/Microsoft/o365-moodle/issues/200
We found the identical stack trace, and that other person resolved
the issue by changing the Token Authentication Method to
client_secret_post, but from the .well-known, we saw that it's already
among the accepted auth methods for our Keycloak.
Have you any advice?
Thanks
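
Added example, not part of the original post and not code from Moodle or Keycloak: the discovery list only says which methods the token endpoint accepts, while the method actually used is whatever the client sends. The sketch below builds the authorization-code token request both ways and classifies a captured request; the client id, secret, redirect URI and code are constructed sample values.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed sample values (assumptions, not taken from the post).
DISCOVERY = {"token_endpoint_auth_methods_supported":
             ["private_key_jwt", "client_secret_basic", "client_secret_post"]}
CLIENT_ID, CLIENT_SECRET = "moodle-client", "p@ss:word"
REDIRECT_URI = "https://moodle.example/auth/oidc/"

def build_token_request(method, code):
    """Return (headers, body) for an authorization_code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        # RFC 6749 2.3.1: form-urlencode id and secret, join with ":", base64.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel as form fields in the request body.
        form.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)

def detect_method(headers, body):
    """Classify a captured token request by how the client authenticated."""
    in_header = headers.get("Authorization", "").startswith("Basic ")
    in_body = "client_secret" in parse_qs(body)
    if in_header and in_body:
        return "ambiguous"  # RFC 6749 2.3: only one method per request
    if in_header:
        return "client_secret_basic"
    return "client_secret_post" if in_body else "none"

def decode_basic(headers):
    """Recover (client_id, client_secret) from a Basic header."""
    raw = base64.b64decode(headers["Authorization"][len("Basic "):]).decode()
    cid, secret = raw.split(":", 1)
    return unquote_plus(cid), unquote_plus(secret)

def advertised(method, discovery=DISCOVERY):
    # OIDC Discovery: when the key is absent the default is client_secret_basic.
    return method in discovery.get("token_endpoint_auth_methods_supported",
                                   ["client_secret_basic"])

if __name__ == "__main__":
    for m in ("client_secret_basic", "client_secret_post"):
        h, b = build_token_request(m, "CONSTRUCTED_CODE")
        print(m, advertised(m), detect_method(h, b), h.get("Authorization"), b)
```

Comparing the output of `detect_method` on the request the plugin really sends with the method configured for the client on the identity provider shows whether the two sides agree.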