[keycloak-user] Incorrect redirect_uri in Authorization Code Flow

Julián D. Zorzenón comm.ass at gmail.com
Mon Aug 26 14:30:11 EDT 2019 

It worked! The framework that I'm using already encodes the parameters and
I was encoding the URL, so there was a double encoding. Thanks!

On Mon, 26 Aug 2019 at 04:43, Stian Thorgersen <sthorger at redhat.com> wrote:

> The error message indicates that the redirect_uri in the authorization
> request doesn't match the value in the token request. From what you've
> pasted it looks correct, but you should double check that the values are
> indeed the same. May be some double encoding issue?
>
> On Fri, 23 Aug 2019 at 20:36, Julián D. Zorzenón <comm.ass at gmail.com>
> wrote:
>
>> Hi,
>>
>> I'm trying to setup a public client in Keycloak 6.0.1 to make an
>> Authorization Code Flow to work but it fails on the post after the
>> redirect.
>>
>> 1. I've create the following client in the realm "test":
>> client id => keycloak-java-form-example
>> enabled => on
>> client protocol => openid-connect
>> access type => public
>> standard flow enabled => on
>> valid redirect uris => http://localhost:9090/*
>>
>> 2. Manually created a user.
>> 3. Created a simple app. When you go to http://localhost:9090/ it
>> redirects
>> to:
>>
>>
>> https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/auth?scope=openid&response_type=code&client_id=keycloak-java-form-example&redirect_uri=http%3A%2F%2Flocalhost%3A9090%2Fcb
>>
>> 4. I log in in the form and get the response on the endpoint
>> http://localhost:9090/cb with a code (for example:
>>
>> 337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2).
>>
>> 5. I make the following POST request:
>> POST
>>
>> https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/token
>> grant_type=authorization_code
>> <https://keycloak.server:8443/auth/realms/test/protocol/openid-connect/tokengrant_type=authorization_code>
>> client_id=keycloak-java-form-example
>>
>> code=337f8ec8-dbdd-4965-b538-e5a4fbfff6b4.4cb543a8-1585-4bd0-b174-031288cf3032.cf57276c-98a9-48d3-b460-c678af3f8eb2
>> redirect_uri=http%3A%2F%2Flocalhost%3A9090%2Fcb
>>
>> The response is:
>> 400
>> {"error":"invalid_grant","error_description":"Incorrect redirect_uri"}
>>
>> I'm not sure what I'm missing.
>>
>> Thanks
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>

More information about the keycloak-user mailing list