带有 spring 启动 CODE_TO_TOKEN_ERROR 的 Keycloak
[英]Keycloak with spring boot CODE_TO_TOKEN_ERROR
问题描述
Integrated keycloak with spring-boot application but getting the following error while login attempt.
与 spring-boot 应用程序集成密钥斗篷,但在尝试登录时出现以下错误。 Need help on resolving "CODE_TO_TOKEN_ERROR".需要帮助解决“CODE_TO_TOKEN_ERROR”。
In keycloak server log:在 keycloak 服务器日志中:
2019-09-25 15:38:25,040 WARN [org.keycloak.events] (default task-19) type=CODE_TO_TOKEN_ERROR, realmId=Test-App, clientId=test-web-app, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code
In spring boot Application log:在 spring 启动应用程序日志中:
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : failed to turn code into token
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : status from server: 400
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : {"error":"unauthorized_client","error_description":"Client secret not provided in request"}
application.properties file: application.properties 文件:
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.realm = Test-App
keycloak.resource = test-web-app
keycloak.credentials.secret = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
keycloak.ssl-required = external
keycloak.use-resource-role-mappings = true
keycloak.public-client = true
keycloak.security-constraints[0].authRoles[0] = ROLE_USER
keycloak.security-constraints[0].securityCollections[0].patterns[0] = /hello/*
server.port = 8081
2 个解决方案
解决方案1
0 2019-09-27 12:04:33
Made POST request to http://localhost:8080/auth/realms/{realm-name}/protocol/openid-connect/token URL from postman by adding following parameters to the x-www-form-urlencoded section of body part. Made POST request to http://localhost:8080/auth/realms/{realm-name}/protocol/openid-connect/token URL from postman by adding following parameters to the x-www-form-urlencoded section of body part.
Headers:标题:
Content-Type: application/x-www-form-urlencoded
Body Params:身体参数:
client_id:new-realm-app
username:username
password:password
grant_type:password
client_secret:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
One access_token generated.生成了一个 access_token。 And that's it..就是这样。。
It worked for me...它对我有用...
解决方案2
0 2020-01-21 14:44:19
You need to remove this property keycloak.public-client = true, public client is only use when the client is a client that runs in browser client, as javascript app (Angular or react).您需要删除此属性 keycloak.public-client = true,公共客户端仅在客户端是在浏览器客户端中运行的客户端时使用,如 javascript 应用程序(Angular 或反应)。 When you use this property, keycloak doesn't send the client id and credentials in authentication request.当您使用此属性时,keycloak 不会在身份验证请求中发送客户端 ID 和凭据。 If you have a spring boot service, you need use an confidential or bearer only client.如果您有 spring 引导服务,则需要使用机密或仅承载客户端。 You can read more in keycloak documentation您可以在keycloak 文档中阅读更多内容
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.