[keycloak-user] Issue with public client and javascript adapter

Gaétan Collaud gaetancollaud at gmail.com
Wed Sep 13 07:53:56 EDT 2017


Hi,

I'm unable to connect to my public client using the javascript adapter.

I configured a public client (access-type=public).

I used the customer-app-js
<https://github.com/keycloak/keycloak/tree/3.3.x/examples/demo-template/customer-app-js>
demo template. When I try to use my public client, I'm redirected to the
login page, nothing wrong with that. Then when I'm back to the js app I
receive an HTTP 400 bad request on this call:
/auth/realms/PortalRealm/protocol/openid-connect/token. The content is:

  {"error":"unauthorized_client","error_description":"UNKNOWN_CLIENT: Client was not identified by any client authenticator"}

In the logs I can see:

vpdev-keycloak | 11:50:00,767 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-60) AUTHENTICATE CLIENT
vpdev-keycloak | 11:50:00,767 TRACE [org.keycloak.authentication.ClientAuthenticationFlow] (default task-60) Using executions for client authentication: [424c67b0-60b3-4063-a1b7-7ae7cbd4c90a, 6ec7a8eb-6fa2-4307-8f70-fbc845205210]
vpdev-keycloak | 11:50:00,767 DEBUG [org.keycloak.authentication.ClientAuthenticationFlow] (default task-60) client authenticator: client-secret
vpdev-keycloak | 11:50:00,767 DEBUG [org.keycloak.authentication.ClientAuthenticationFlow] (default task-60) client authenticator: client-jwt
vpdev-keycloak | 11:50:00,768 WARN  [org.keycloak.events] (default task-60) type=CODE_TO_TOKEN_ERROR, realmId=ea8dbfe4-21c1-4af5-8ec0-488317b62ccf, clientId=morphean-public, userId=null, ipAddress=172.19.0.4, error=invalid_client_credentials, grant_type=authorization_code

I searched for this CODE_TO_TOKEN_ERROR message on the web but no luck so
far.

Has somebody experienced the same issue? Am I missing something? I use
Keycloak 3.2.1-FINAL.

Best regards,

Gaetan

PS: I tried with a confidential client and it works, but it says
everywhere that the secret should be kept hidden (this is why I wanted to use a
public client).
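
Added example (not part of the original post, and not Keycloak code): a Node.js script that rejoins wrapped log records like the ones above, parses the org.keycloak.events line into its key=value fields, and lists which client authenticators were logged on the same worker thread before each invalid_client_credentials event. The function names are hypothetical; SAMPLE_LOG reuses log lines from the post.

```javascript
// Added example (not Keycloak code); names are hypothetical, log lines are from the post.
const SAMPLE_LOG = `
vpdev-keycloak | 11:50:00,767 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-60)
client authenticator: client-secret
vpdev-keycloak | 11:50:00,767 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-60)
client authenticator: client-jwt
vpdev-keycloak | 11:50:00,768 WARN  [org.keycloak.events] (default task-60)
type=CODE_TO_TOKEN_ERROR, realmId=ea8dbfe4-21c1-4af5-8ec0-488317b62ccf,
clientId=morphean-public, userId=null, ipAddress=172.19.0.4,
error=invalid_client_credentials, grant_type=authorization_code
`;

// A record starts with "<container> | HH:MM:SS,mmm LEVEL"; other lines continue it.
const RECORD_START = /^\S+\s+\|\s+\d{2}:\d{2}:\d{2},\d{3}\s+(TRACE|DEBUG|INFO|WARN|ERROR)\b/;
function splitRecords(text) {
  const records = [];
  for (const line of text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean)) {
    if (RECORD_START.test(line)) records.push(line);
    else if (records.length) records[records.length - 1] += ' ' + line;
  }
  return records;
}
// Parse an [org.keycloak.events] record into its key=value fields, or null.
function parseEvent(record) {
  const m = record.match(/\s(\w+)\s+\[org\.keycloak\.events\]\s+\([^)]*\)\s+(.*)$/);
  if (!m) return null;
  const fields = { level: m[1] };
  for (const pair of m[2].split(/,\s+/)) {
    const i = pair.indexOf('=');
    if (i > 0) fields[pair.slice(0, i)] = pair.slice(i + 1);
  }
  return fields;
}
// Per failed event: authenticators logged on the same thread since its last event.
function failedClientAuth(text) {
  const tried = {}, findings = [];
  for (const rec of splitRecords(text)) {
    const thread = (rec.match(/\(([^)]*)\)/) || [])[1];
    const auth = rec.match(/client authenticator: (\S+)/);
    if (auth) { (tried[thread] = tried[thread] || []).push(auth[1]); continue; }
    const ev = parseEvent(rec);
    if (!ev || ev.error !== 'invalid_client_credentials') continue;
    findings.push({ clientId: ev.clientId, type: ev.type, authenticators: tried[thread] || [] });
    delete tried[thread];
  }
  return findings;
}
console.log(failedClientAuth(SAMPLE_LOG));
```

The key=value split assumes field values do not themselves contain a comma followed by whitespace.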

