[keycloak-user] Incorrect redirect_uri in Authorization Code Flow

Stian Thorgersen sthorger at redhat.com
Mon Aug 26 03:43:09 EDT 2019 

The error message indicates that the redirect_uri in the authorization
request doesn't match the value in the token request. From what you've
pasted it looks correct, but you should double check that the values are
indeed the same. May be some double encoding issue?

On Fri, 23 Aug 2019 at 20:36, Julián D. Zorzenón <comm.ass at gmail.com> wrote:

> Hi,
>
> I'm trying to setup a public client in Keycloak 6.0.1 to make an
> Authorization Code Flow to work but it fails on the post after the
> redirect.
>
> 1. I've create the following client in the realm "test":
> client id => keycloak-java-form-example
> enabled => on
> client protocol => openid-connect
> access type => public
> standard flow enabled => on
> valid redirect uris => http://localhost:9090/*
>
> 2. Manually created a user.
> 3. Created a simple app. When you go to http://localhost:9090/ it
> redirects
> to:
>
>
> https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/auth?scope=openid&response_type=code&client_id=keycloak-java-form-example&redirect_uri=http%3A%2F%2Flocalhost%3A9090%2Fcb
>
> 4. I log in in the form and get the response on the endpoint
> http://localhost:9090/cb with a code (for example:
>
> 337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2).
>
> 5. I make the following POST request:
> POST
> https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/token
> grant_type=authorization_code
> <https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/tokengrant_type=authorization_code>
> client_id=keycloak-java-form-example
>
> code=337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2
> redirect_uri=http%3A%2F%2Flocalhost%3A9090%2Fcb
>
> The response is:
> 400
> {"error":"invalid_grant","error_description":"Incorrect redirect_uri"}
>
> I'm not sure what I'm missing.
>
> Thanks
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list