Integrated Keycloak with a Spring Boot application but getting the following error on login attempt. Need help resolving "CODE_TO_TOKEN_ERROR".
In the Keycloak server log:
2019-09-25 15:38:25,040 WARN [org.keycloak.events] (default task-19) type=CODE_TO_TOKEN_ERROR, realmId=Test-App, clientId=test-web-app, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code
In the Spring Boot application log:
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : failed to turn code into token
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : status from server: 400
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator : {"error":"unauthorized_client","error_description":"Client secret not provided in request"}
application.properties file:
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.realm = Test-App
keycloak.resource = test-web-app
keycloak.credentials.secret = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
keycloak.ssl-required = external
keycloak.use-resource-role-mappings = true
keycloak.public-client = true
keycloak.security-constraints[0].authRoles[0] = ROLE_USER
keycloak.security-constraints[0].securityCollections[0].patterns[0] = /hello/*
server.port = 8081
Made a POST request to the http://localhost:8080/auth/realms/{realm-name}/protocol/openid-connect/token URL from Postman by adding the following parameters to the x-www-form-urlencoded section of the body.
Headers:
Content-Type: application/x-www-form-urlencoded
Body Params:
client_id:new-realm-app
username:username
password:password
grant_type:password
client_secret:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
One access_token was generated. And that's it.
It worked for me...
You need to remove the property keycloak.public-client = true. A public client is only used when the client runs in the browser, such as a JavaScript app (Angular or React). When you use this property, Keycloak doesn't send the client id and credentials in the authentication request. If you have a Spring Boot service, you need to use a confidential or bearer-only client. You can read more in the Keycloak documentation.
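A configuration check for the mismatch discussed in the answers above, as an added example that is not part of the original posts or of Keycloak itself: it parses an application.properties file and flags a client declared public while a secret is configured, plus the opposite case of a confidential client with no secret. The function names and the sample input (constructed from the question's settings) are assumptions made for this example.

```python
# Added example: lint Keycloak adapter settings in application.properties.
# SAMPLE is constructed from the settings shown in the question.
SAMPLE = """\
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.realm = Test-App
keycloak.resource = test-web-app
keycloak.credentials.secret = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
keycloak.public-client = true
"""

def parse_properties(text):
    """Minimal .properties parser: 'key = value' or 'key: value', '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator appears first, so URLs in values survive.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            continue
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def check_client_type(props):
    """Return findings about the declared client type versus configured credentials."""
    findings = []
    public = is_true(props, "keycloak.public-client")
    bearer_only = is_true(props, "keycloak.bearer-only")
    secret = props.get("keycloak.credentials.secret", "")
    if public and secret:
        findings.append(
            "public-client=true with credentials.secret set: the token request "
            "goes out without the secret ('Client secret not provided in request'); "
            "remove public-client if the Keycloak client is confidential")
    if not public and not bearer_only and not secret:
        findings.append(
            "confidential client without credentials.secret: "
            "the adapter has nothing to authenticate with")
    return findings

if __name__ == "__main__":
    for finding in check_client_type(parse_properties(SAMPLE)):
        print("WARN:", finding)
```
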