[keycloak-user] error=pkce_verification_failed
Federico Navarro Polo - Info.nl
federico at info.nl
Tue Jul 11 10:38:33 EDT 2017
Hello,
After upgrading our Keycloak version to 3.1.0, we’ve started seeing the following error in one of our use cases (using AppAuth).
2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE supporting Client, codeVerifier = KX3heFUICMscL03Xv_STmf5hgRSsvm5VxnN0DIQob5wRAIGFyVqCn6hQ6w9exPyUtFaMcue1Uole-bTdHP6KaA
2017-07-11 16:21:12,134 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE codeChallengeMethod = S256
2017-07-11 16:21:12,135 WARN [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-24) PKCE verification failed. authUserId = a71bd8ee-fe4b-4259-81c5-5e8e09940f47, authUsername = someone at somewhere.nl
2017-07-11 16:21:12,136 WARN [org.keycloak.events] (default task-24) type=CODE_TO_TOKEN_ERROR, realmId=x, clientId=x, userId=a71bd8ee-fe4b-4259-81c5-5e8e09940f47, ipAddress=x.x.x.x, error=pkce_verification_failed, grant_type=authorization_code, code_id=1cf7b8f2-5462-4cf4-a228-ba0cc4501e82, client_auth_method=client-secret
I saw this bug report, which could be related to the issue (still open for 3.2.0 as well): https://issues.jboss.org/browse/KEYCLOAK-4956
Is it possible to disable PKCE from Keycloak configuration?
Kind regards,
Federico Navarro
backend developer
federico at info.nl | LinkedIn: https://www.linkedin.com/company/info-nl | +31 (0)2 05 30 91 61
info.nl (http://www.info.nl/)
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 9100
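
Added example, not part of the original message and not Keycloak's code: a Python check of the S256 relation from RFC 7636 that a token endpoint applies to the `codeVerifier` it logs, for testing a client's verifier and challenge pair offline. The function names and failure labels are made up for this illustration, and the listed encoding mistakes are general PKCE client errors, not a diagnosis of the report above.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# codeVerifier copied from the DEBUG log line in the message above.
PAGE_VERIFIER = ("KX3heFUICMscL03Xv_STmf5hgRSsvm5VxnN0DIQob5wRAIGFyVqCn6hQ"
                 "6w9exPyUtFaMcue1Uole-bTdHP6KaA")
# Test vector from RFC 7636 Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def _b64url(data: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def diagnose(verifier: str, challenge_sent: str) -> str:
    """Return 'ok' or a hypothetical label naming the likely client mistake."""
    if not VERIFIER_RE.fullmatch(verifier):
        return "verifier_malformed"
    expected = s256_challenge(verifier)
    # Constant-time comparison, as a server-side check should use.
    if hmac.compare_digest(expected.encode(), challenge_sent.encode()):
        return "ok"
    digest = hashlib.sha256(verifier.encode("ascii"))
    wrong_encodings = {
        "challenge_padded": expected + "=",
        "challenge_std_base64": base64.b64encode(digest.digest()).decode().rstrip("="),
        "challenge_from_hex_digest": _b64url(digest.hexdigest().encode()),
        "challenge_is_plain_verifier": verifier,
    }
    for label, value in wrong_encodings.items():
        if challenge_sent == value:
            return label
    return "mismatch"


if __name__ == "__main__":
    print("challenge the server expects for the logged verifier:")
    print(s256_challenge(PAGE_VERIFIER))
```

Comparing the printed value with the `code_challenge` the client actually sent in its authorization request shows whether the mismatch originates on the client side or in the server's check.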