
Keycloak with spring boot CODE_TO_TOKEN_ERROR

I integrated Keycloak with a Spring Boot application but am getting the following error on a login attempt. I need help resolving "CODE_TO_TOKEN_ERROR".

In keycloak server log:

2019-09-25 15:38:25,040 WARN  [org.keycloak.events] (default task-19) type=CODE_TO_TOKEN_ERROR, realmId=Test-App, clientId=test-web-app, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code

In spring boot Application log:

2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator   : failed to turn code into token
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator   : status from server: 400
2019-09-25 15:38:25.042 ERROR 3666 --- [nio-8081-exec-1] o.k.adapters.OAuthRequestAuthenticator   :    {"error":"unauthorized_client","error_description":"Client secret not provided in request"}

application.properties file:

keycloak.auth-server-url = http://localhost:8080/auth
keycloak.realm = Test-App
keycloak.resource = test-web-app
keycloak.credentials.secret = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
keycloak.ssl-required = external
keycloak.use-resource-role-mappings = true
keycloak.public-client = true

keycloak.security-constraints[0].authRoles[0] = ROLE_USER
keycloak.security-constraints[0].securityCollections[0].patterns[0] = /hello/*

server.port = 8081

I made a POST request to the http://localhost:8080/auth/realms/{realm-name}/protocol/openid-connect/token URL from Postman, adding the following parameters to the x-www-form-urlencoded section of the body.

Headers:

Content-Type: application/x-www-form-urlencoded

Body Params:

client_id:new-realm-app
username:username
password:password
grant_type:password
client_secret:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

One access_token was generated. And that's it.

It worked for me...

You need to remove the property keycloak.public-client = true. A public client is only used when the client runs in the browser, such as a JavaScript app (Angular or React). When you use this property, Keycloak doesn't send the client id and credentials in the authentication request. If you have a Spring Boot service, you need to use a confidential or bearer-only client. You can read more in the Keycloak documentation.
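
The contradiction described in the answer above can be caught before deployment. The following is an added example, not code from the original thread or from Keycloak: a small lint over application.properties that flags keycloak.public-client = true next to a configured keycloak.credentials.secret. The function names and the second check (a non-public, non-bearer-only client with no keycloak.credentials.* entry) are assumptions made for illustration, and the sample input is constructed from the question's file.

```python
# Added example: lint Keycloak Spring Boot adapter properties for the
# public-client / client-secret contradiction discussed in this thread.

SAMPLE_PROPERTIES = """\
# constructed sample mirroring the question's application.properties
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.realm = Test-App
keycloak.resource = test-web-app
keycloak.credentials.secret = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
keycloak.public-client = true
"""

def parse_properties(text):
    """Parse 'key = value' / 'key: value' lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator ('=' or ':') appears first, so that
        # URL values such as http://... stay intact.
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        if hits:
            props[line[:min(hits)].strip()] = line[min(hits) + 1:].strip()
        else:
            props[line] = ""
    return props

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def check_client_auth(props):
    """Return findings about how the adapter will authenticate to Keycloak."""
    findings = []
    public = is_true(props, "keycloak.public-client")
    bearer_only = is_true(props, "keycloak.bearer-only")
    has_secret = bool(props.get("keycloak.credentials.secret"))
    has_creds = any(k.startswith("keycloak.credentials.") and v
                    for k, v in props.items())
    if public and has_secret:
        # The case from the question: server answers "Client secret not provided".
        findings.append("public-client=true with credentials.secret set: "
                        "remove public-client for a confidential client")
    if not public and not bearer_only and not has_creds:
        # Assumption beyond the thread: a confidential client needs credentials.
        findings.append("confidential client without keycloak.credentials.*")
    return findings

if __name__ == "__main__":
    for finding in check_client_auth(parse_properties(SAMPLE_PROPERTIES)):
        print("WARN:", finding)
```
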
