Reputation: 17553
I have an application which is getting Auth from Keycloak.
My Access Type is public so I do not have any client secret.
I have given access to "Direct Access Grants Enabled" as ON
Refer below:
I am getting error from postman as below:
{
"error": "invalid_grant",
"error_description": "Invalid user credentials"
}
Note: My credentials are right, as I am using the same ones to log in on Keycloak.
I have also checked the keys and they seem correct as per the reference below:
https://gist.github.com/rac021/623e4f4c87069acd0c38d952568f8a3d
while I have set it up as per my understanding.
References:
Please let me know if I am missing anything or if you need any more details.
Any workaround will be appreciated!
Upvotes: 27
Views: 76609
Reputation: 76
Had the same issue. Just switch to the required realm and try to create the user in it.
Don't forget to add a role to this user.
Upvotes: 0
Reputation: 45
In my case the problem was that the export/import process was not including users. Please check twice that you have them in your admin panel.
Upvotes: 0
Reputation: 685
I had the same error response in Postman because I didn't add the role to the client, which then must be added to the user roles:
2) Add this role to the user roles.
3) Then the token was obtained from Postman without this error.
Upvotes: 4
Reputation: 11
It was happening only in Postman. I reset the user password and it was back to working normally.
Upvotes: 1
Reputation: 59
For LDAP users I am getting this issue. Some users are able to log in with the Authorization Code flow, but when I use the same user to get an access token from Postman with the token URL, I get the response below.
{ "error": "invalid_grant", "error_description": "Invalid user credentials" }
To fix the above error, I removed the required user actions for the user and enabled the email verified option.
Upvotes: 4
Reputation: 1061
I had the same problem. Mine was due to the OTP (optional) in the direct grant flow.
Upvotes: 6
Reputation: 3711
The error message "Invalid user credentials" is reliable. That is, you either specified a wrong username or password.
Check that the user really exists in the realm you are addressing with the URL, particularly if it is not the master realm, which is usually used to log in to the Keycloak admin console.
Upvotes: 25
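The checks suggested across the answers above, collected into one added example that is not part of the question or of any answer. It builds the direct access grant request for a public client with the realm in the URL, and inspects a realm's user list for the conditions the answers name. The host, realm, client and user names are hypothetical; the `totp` form parameter and the `requiredActions`, `emailVerified` and `totp` fields are assumed to follow Keycloak's token endpoint and Admin REST API user representation.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlencode


def token_request(base_url, realm, client_id, username, password, totp=None):
    """Return (url, form body) for a direct access grant by a public client."""
    # The realm in the path selects the user store; a user that exists only in
    # "master" cannot authenticate against another realm's endpoint.
    # Older Keycloak versions expect base_url to end in /auth.
    url = f"{base_url.rstrip('/')}/realms/{quote(realm)}/protocol/openid-connect/token"
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password}
    if totp:  # only needed when the direct grant flow asks for an OTP
        form["totp"] = totp
    return url, urlencode(form).encode()


def fetch_token(url, body):
    """POST the form; return the JSON body of success and error replies alike."""
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # invalid_grant arrives as a 4xx reply
        return json.load(err)


def direct_grant_blockers(realm_users, username):
    """Check admin-API user representations for causes named in the answers."""
    user = next((u for u in realm_users if u.get("username") == username), None)
    if user is None:
        return ["user not found in this realm"]
    found = []
    if user.get("requiredActions"):
        found.append("required actions pending: " + ", ".join(user["requiredActions"]))
    if not user.get("emailVerified"):
        found.append("email not verified")
    if user.get("totp"):
        found.append("OTP configured: direct grant flow may require totp")
    return found


# Constructed sample data, not taken from the page.
SAMPLE_USERS = [{"username": "alice", "emailVerified": False, "totp": True,
                 "requiredActions": ["UPDATE_PASSWORD"]}]
```

`fetch_token` is the only function that touches the network; the other two can be run against an exported user list to narrow down the cause before retrying the request.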