[keycloak-user] redirect_uri in token exchange redirect
triton oidc
triton.oidc at gmail.com
Thu Mar 7 07:25:05 EST 2019
Hi,
i did an account linking on two keycloak IDP
my keycloak 4.8.3 on the two server
When i do a token exchange, i get a
error_description":"identity provider is not linked, can only link to
current user session","account-link-url":"
https://iMyIDP1:9443/auth/realms/Realm/broker/A_for2/link?nonce=32cb2809-40a3-44ef-9554-cc3fe99a55fb&hash=2qFr-7xxOBY41Hotche3MjSYkEqeH_WGkkYxvej1GNc&client_id=1-secure
","error":"not_linked"
when i enter this url in a browser, i get an Invalid Request
When i look at the error log, i see :
type=TOKEN_EXCHANGE_ERROR, realmId=realm, clientId=realm-secure,
userId=null, ipAddress=172.18.56.212, error=invalid_request,
reason='requested_issuer has not linked', auth_method=token_exchange,
grant_type=urn:ietf:params:oauth:grant-type:token-exchange,
requested_issuer=1_for_2, client_auth_method=client-secret
type=CLIENT_INITIATED_ACCOUNT_LINKING_ERROR, realmId=R1,
clientId=R1-secure, userId=null, ipAddress=172.18.56.212,
error=invalid_redirect_uri
When i loot at the code :
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
line 213 the redirect_uri is mandatory, however it's not in the generated
link.
Is it a mistake, or did I missed something ?
Thanks for any help,
Amaury
More information about the keycloak-user
mailing list