[keycloak-user] Client secret not provided in request
Sebastien Blanc
sblanc at redhat.com
Wed Dec 14 06:28:03 EST 2016
URL from configuration is the one from the keycloak.json :
"auth-server-url" , looks like you forgot an /auth
On Wed, Dec 14, 2016 at 12:02 PM, Charles Moulliard <cmoullia at redhat.com>
wrote:
> The curl request works now but I'm getting this error when the token
> received will be checked by the SpringBoot Tomcat Adapter
>
> Request
>
> curl -sk -X POST https://secure-sso-sso.e8ca.
> engint.openshiftapps.com/auth/realms/master/protocol/openid-connect/token
> -d grant_type=password -d username=admin -d client_secret=MYSECRET -d
> password=admin -d client_id=demoapp
>
> What "URL from configuration" refers to ?
>
> 2016-12-14 10:49:29.273 ERROR 1 --- [nio-8080-exec-6] o.k.a.
> BearerTokenRequestAuthenticator : Failed to verify token
>
> org.keycloak.common.VerificationException: Token audience doesn't match
> domain. Token issuer is https://secure-sso-sso.e8ca.
> engint.openshiftapps.com/auth/realms/master, but URL from configuration
> is https://secure-sso-sso.e8ca.engint.openshiftapps.com/realms/master
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:49)
> ~[keycloak-core-1.9.8.Final.jar!/:1.9.8.Final]
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:35)
> ~[keycloak-core-1.9.8.Final.jar!/:1.9.8.Final]
> at org.keycloak.adapters.BearerTokenRequestAuthenticato
> r.authenticateToken(BearerTokenRequestAuthenticator.java:87)
> ~[keycloak-adapter-core-1.9.8.Final.jar!/:1.9.8.Final]
> at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(
> BearerTokenRequestAuthenticator.java:82) ~[keycloak-adapter-core-1.9.8.
> Final.jar!/:1.9.8.Final]
> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:65)
> ~[keycloak-adapter-core-1.9.8.Final.jar!/:1.9.8.Final]
> at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorV
> alve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206)
> ~[keycloak-tomcat-core-adapter-1.9.8.Final.jar!/:1.9.8.Final]
> at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(
> KeycloakAuthenticatorValve.java:48) ~[keycloak-tomcat8-adapter-1.
> 9.8.Final.jar!/:1.9.8.Final]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:577)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(
> AbstractKeycloakAuthenticatorValve.java:187) ~[keycloak-tomcat-core-
> adapter-1.9.8.Final.jar!/:1.9.8.Final]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1100) [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:687) [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [na:1.8.0_101]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [na:1.8.0_101]
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-embed-core-8.0.36.jar!/:8.0.36]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
>
> Charles Moulliard
> Sr. Pr. Software Engineer @redhat
> cmoulliard at redhat.com | work: +31 205 65 12 84 <+31%2020%20565%201284> |
> mobile: +32 473 60 40 14 <+32%20473%2060%2040%2014>
> Twitter: @cmoulliard <http://twitter.com/cmoulliard> | blog:
> cmoulliard.github.io
> committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm,
> deltaspike
>
> On Wed, Dec 14, 2016 at 8:56 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Your guess is correct. Or you can also use the much more complicated way
>> of using basic auth header for client id and secret, but let's not get into
>> that ;)
>>
>> On 14 December 2016 at 08:54, Sebastien Blanc <sblanc at redhat.com> wrote:
>>
>>> I guess "-d client_secret=my_secret" ? ;)
>>>
>>> On Wed, Dec 14, 2016 at 8:48 AM, Charles Moulliard <cmoullia at redhat.com>
>>> wrote:
>>>
>>>> How do I provide the client secret within the curl request ? An example
>>>> would be great ;-)
>>>>
>>>> On Wed, Dec 14, 2016 at 8:27 AM, Stian Thorgersen <sthorger at redhat.com>
>>>> wrote:
>>>>
>>>> > Error message is pretty self explanatory here - you're missing the
>>>> client
>>>> > secret
>>>> >
>>>> > On 14 December 2016 at 08:17, Charles Moulliard <cmoullia at redhat.com>
>>>> > wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> Why do I get this error when I issue tthis curl request to get a
>>>> token
>>>> >>
>>>> >> curl -sk -X POST
>>>> >> https://secure-sso-sso.e8ca.engint.openshiftapps.com/auth/re
>>>> >> alms/master/protocol/openid-connect/token
>>>> >> -d
>>>> >> <https://secure-sso-sso.e8ca.engint.openshiftapps.com/auth/r
>>>> ealms/master/protocol/openid-connect/token-d>
>>>> >> grant_type=password -d username=admin -d password=admin -d
>>>> >> client_id=demoapp
>>>> >>
>>>> >> {"error_description":"Client secret not provided in
>>>> >> request","error":"unauthorized_client"}
>>>> >>
>>>> >> Keycloak Version : 1.9.8
>>>> >> client_id: demoapp
>>>> >>
>>>> >> Do I have to set another filed instead of username/password &
>>>> >> grant_type=password ?
>>>> >>
>>>> >> Regards,
>>>> >>
>>>> >> Charles
>>>> >> _______________________________________________
>>>> >> keycloak-user mailing list
>>>> >> keycloak-user at lists.jboss.org
>>>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> >>
>>>> >
>>>> >
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
More information about the keycloak-user
mailing list