[keycloak-user] Problems when trying to retrieve access token using nodejs oidc adapter
Robert Parker
robert.parker at weareact.com
Fri Aug 25 05:32:31 EDT 2017
Hi,
I am facing an issue using the keycloak-nodejs-connect adapter in my project.
The issue surfaces after the adapter authenticates the user account I have set up, receives a code, and then attempts to exchange this code for an access token.
The adapter sends back an 'access denied' response and in the Keycloak logs I see an error as follows:
09:55:44,116 WARN [org.keycloak.events] (default task-28) type=CODE_TO_TOKEN_ERROR, realmId=Actora, clientId=actora-test, userId=null, ipAddress=192.168.132.45, error=invalid_code, grant_type=authorization_code, code_id=c454ec60-6f07-4229-8a48-f0fa126609e4, client_auth_method=client-secret
Watching the browser calls that are made, after initial login to get the user's code value, I see the redirect back to my main web application along with callback query param:
http://localhost:5001/?auth_callback=1&state=cd0dd57d-59b6-45e4-a51e-22f4488b9d63&code=uss.iOE-JzsGTPvF3vhzWTQauRC0J-dlNQaORsDZ_aEs0vc.c454ec60-6f07-4229-8a48-f0fa126609e4.6de278b6-985b-4beb-af72-54f27332eb49
So for the code, I can see that the code param in the callback contains the code_id value referenced in my Keycloak error log mentioned further above - c454ec60-6f07-4229-8a48-f0fa126609e4
I am assuming the long code value prefixed with the 'uss.' part gets decoded by Keycloak to extract the value it needs?
I have debugged through the adapter library locally to see how it's performing the calls and, oddly, I have found that in keycloak-auth-utils\lib\grant-manager.js a fetch function is called but with options set for a POST request. The promise in this fetch function gets rejected as the status code returned from the Keycloak server is a 400 Bad Request.
I don't know what else to do here; I have re-read the getting started section of the Keycloak documentation and I can't see any obvious setup steps I have missed.
Can someone offer any clues as to what may be going on here please?
Thanks
Rob
________________________________
Robert Parker - Front End Developer
Applied Card Technologies Ltd
Cardiff Office
14 St Andrews Crescent
Caerdydd
Cardiff
CF10 3DD
+44 (0) 2922 331860
Robert.Parker at weareACT.com
www.weareACT.com
Registered in England : 04476799
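
One way to check programmatically that the failed exchange in the Keycloak event log refers to the same code the browser received in the callback, as an added example that is not part of the original post or of keycloak-nodejs-connect. The helper names are hypothetical, the log line and URL are the ones quoted in the message, and the code value is treated as an opaque dot-separated string.

```javascript
// Added example: correlate a Keycloak CODE_TO_TOKEN_ERROR event with the
// callback URL the application received. Helper names are hypothetical.

// Log line and callback URL copied from the message above.
const LOG_LINE = "09:55:44,116 WARN [org.keycloak.events] (default task-28) " +
  "type=CODE_TO_TOKEN_ERROR, realmId=Actora, clientId=actora-test, userId=null, " +
  "ipAddress=192.168.132.45, error=invalid_code, grant_type=authorization_code, " +
  "code_id=c454ec60-6f07-4229-8a48-f0fa126609e4, client_auth_method=client-secret";
const CALLBACK_URL = "http://localhost:5001/?auth_callback=1" +
  "&state=cd0dd57d-59b6-45e4-a51e-22f4488b9d63" +
  "&code=uss.iOE-JzsGTPvF3vhzWTQauRC0J-dlNQaORsDZ_aEs0vc" +
  ".c454ec60-6f07-4229-8a48-f0fa126609e4.6de278b6-985b-4beb-af72-54f27332eb49";

// Parse the "key=value, key=value" pairs that follow the "(thread)" marker.
function parseKeycloakEvent(line) {
  const m = line.match(/\[org\.keycloak\.events\]\s*\([^)]*\)\s*(.*)$/);
  if (!m) return null; // not a Keycloak event line
  const event = {};
  for (const pair of m[1].split(/,\s*/)) {
    const eq = pair.indexOf("=");
    if (eq > 0) event[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return event;
}

// Extract code and state from the redirect the application received.
function parseCallback(url) {
  const q = new URL(url).searchParams;
  return { code: q.get("code"), state: q.get("state") };
}

// True when the event's code_id is one of the dot-separated parts of the code.
// The code format is not interpreted; only segment equality is tested.
function correlate(event, callback) {
  if (!event || !event.code_id || !callback.code) return false;
  return callback.code.split(".").includes(event.code_id);
}

// Summarise the event and whether it concerns the code from the callback.
function diagnose(line, url) {
  const event = parseKeycloakEvent(line);
  return {
    type: event && event.type,
    error: event && event.error,
    client: event && event.clientId,
    sameCode: correlate(event, parseCallback(url)),
  };
}

console.log(diagnose(LOG_LINE, CALLBACK_URL));
```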