[keycloak-user] CODE_TO_TOKEN_ERROR - Could not obtain grant code error

Robert Parker robert.parker at weareact.com
Thu Aug 24 09:21:18 EDT 2017


Hi,

I have just started using Keycloak and am using the Node.js adapter, which I have configured, and my client application is being redirected to the Keycloak login screen.

When attempting to log in I am seeing a 'Could not obtain grant code error' from my Express server log, and in our Keycloak server log I see the following:

12:07:12,341 WARN [org.keycloak.events] (default task-30) type=CODE_TO_TOKEN_ERROR, realmId=myrealm, clientId=client-test, userId=xxx, ipAddress=xxx.xxx.xxx.xx, error=invalid_code, grant_type=authorization_code, code_id=13f4c40b-667c-4750-a19e-d21219736c12, client_auth_method=client-secret

We are making use of the authorization code flow, and I think I am correct in believing the first step of authenticating the user is completing as I see cookies are being set for AUTH_SESSION_ID, KEYCLOAK_SESSION and KEYCLOAK_IDENTITY.

The error I am seeing gets invoked when a GET request is made back to my client application with an auth_callback querystring:

http://localhost:5001/?auth_callback=1&state=05eda0dd-2a51-4b68-b87e-8777ee2c63f8&code=uss.sldbbK4K_pOwWx1UiGq21AQm7dI8DGVZRQ-4lIs1fF4.13f4c40b-667c-4750-a19e-d21219736c12.6de278b6-985b-4beb-af72-54f27332eb49

I can see a code param is present here, part of which contains the code_id referenced in the Keycloak log - 13f4c40b-667c-4750-a19e-d21219736c12

I haven't come across anything in the docs, when I started setting up my realm\client\users, that mentions anything about these codes. Have I possibly missed a configuration step?

Thanks
________________________________
Robert Parker - Front End Developer
Applied Card Technologies Ltd
Cardiff Office
14 St Andrews Crescent
Caerdydd
Cardiff
CF10 3DD
+44 (0) 2922 331860

Robert.Parker at weareACT.com
www.weareACT.com

Registered in England : 04476799
________________________________
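The correlation described in the message above, between the code_id in the Keycloak event and the code parameter on the callback, can be scripted for triage. This is an added example, not part of the original post and not Keycloak or adapter code; the function names are hypothetical, and treating the code as dot-separated segments is an assumption taken from the one sample URL in the post.

```javascript
'use strict';

// Parse a Keycloak event log line into its key=value fields.
function parseEventLine(line) {
  const start = line.indexOf('type=');
  if (start === -1) return null;          // not an event line
  const fields = {};
  for (const pair of line.slice(start).split(', ')) {
    const eq = pair.indexOf('=');
    if (eq > 0) fields[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return fields;
}

// Pull state and code out of the callback URL the browser is sent back to.
function parseCallback(url) {
  const q = new URL(url).searchParams;
  const code = q.get('code');
  // Assumption: the code is dot-separated, as in the sample URL in the post.
  return { state: q.get('state'), code, segments: code ? code.split('.') : [] };
}

// Pair each CODE_TO_TOKEN_ERROR event with the callbacks carrying its code_id.
function correlate(logLines, callbackUrls) {
  const callbacks = callbackUrls.map(parseCallback);
  return logLines
    .map(parseEventLine)
    .filter((e) => e && e.type === 'CODE_TO_TOKEN_ERROR')
    .map((e) => {
      const hits = callbacks.filter((c) => c.segments.includes(e.code_id));
      return {
        codeId: e.code_id, error: e.error, clientId: e.clientId,
        callbacks: hits.length,
        // Authorization codes are single-use (RFC 6749, section 4.1.2),
        // so the same code arriving in more than one callback is flagged.
        repeated: hits.length > 1,
      };
    });
}

// Inputs: the log line and the callback URL quoted in the post.
const LOG = ['12:07:12,341 WARN [org.keycloak.events] (default task-30) type=CODE_TO_TOKEN_ERROR, realmId=myrealm, clientId=client-test, userId=xxx, ipAddress=xxx.xxx.xxx.xx, error=invalid_code, grant_type=authorization_code, code_id=13f4c40b-667c-4750-a19e-d21219736c12, client_auth_method=client-secret'];
const CALLBACKS = ['http://localhost:5001/?auth_callback=1&state=05eda0dd-2a51-4b68-b87e-8777ee2c63f8&code=uss.sldbbK4K_pOwWx1UiGq21AQm7dI8DGVZRQ-4lIs1fF4.13f4c40b-667c-4750-a19e-d21219736c12.6de278b6-985b-4beb-af72-54f27332eb49'];

console.log(correlate(LOG, CALLBACKS));
```

Feeding it the Express access log's callback requests alongside the Keycloak event log shows, per failed exchange, how many callbacks carried that code.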

