emdad

Reputation: 95

Keycloak error : Code not valid - for client token request

A few days ago I integrated Keycloak with my PHP application, which is working fine. Now I am trying to do the same thing for my Vue.js app.

In the 2nd step (the client token request using the authorization code) I am getting a 400 error. The response message is "Code not valid".

1st step (inside mounted):

const AUTHORIZE_URL = 'auth/realms/rstore/protocol/openid-connect/auth';

const params = {
    'response_type': 'code',
    'redirect_uri': 'http://localhost:8080/sso/callback',
    'client_id': client_id, 
    'nonce': uuid(),
    'state': uuid(),
    'scope': 'openid profile email'
};

window.location = baseUrl + AUTHORIZE_URL + '?' + queryString.stringify(params);

2nd step (client token request):

let url = baseUrl + ACCESS_TOKEN_URL;

let params = {
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': 'http://localhost:8080/sso/callback',
    'client_id': client_id,
    'client_secret': client_secret
};

let result = fetch(url, {
    method: 'POST',
    body: queryString.stringify(params),
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded' // ,
    }
})
.then(resp => {
    return resp.json();
})
.catch(error => {
    throw new Error('FetchError in request to ES: ' + error.toString())
})

I also tried from the command prompt:

curl -X POST 'https://example.com/auth/realms/nstore/protocol/openid-connect/token' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'grant_type=authorization_code' \
 --data-urlencode 'code=095516b7-e545-4b02-9dad-ec9c6366e0e4.33e1f298-a440-4bdc-9118-96ed669cabcd.e1c5d85f-3441-490d-a1fd-eb3b00d3c47c' \
 --data-urlencode 'client_id=vue' \
 --data-urlencode 'client_secret=b329ade3-2b71-4e3b-ab25-926cb32c5c8c' \
 --data-urlencode 'redirect_uri=http://localhost:8080/sso/callback'

The output is the same: {"error":"invalid_grant","error_description":"Code not valid"}

Upvotes: 6

Views: 40451

Answers (1)

Prabhat Yadav

Reputation: 1341

The "Code not valid" error message is a general one. It may have one of the following meanings: http://localhost:8080/auth/realms/{realm_name}/protocol/openid-connect/auth

  1. the code is not valid, or is valid but incorrectly URL encoded
  2. the code is correct, but it has already been used by another user session

Each authorization code can be used only once, to generate a single new access token. As such, generating multiple access tokens from one code is not possible. One reason why you may be receiving this error is that the authorization code was already used, either by Postman or by the web application.

Solution: regenerate the client_secret in the Keycloak server for your realm and then do the complete process again, and you will get the access token and refresh token.

Note: Each authorization code can be used only once, to generate a single new access token. As such, generating multiple access tokens from one code is not possible.

Upvotes: 10
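
The two causes listed in the answer above, shown as an added example that is not part of the original post and is not Keycloak's code. It is a simplified in-memory model of a single-use code store; the function names and the sample codes are hypothetical and constructed for illustration.

```javascript
// Constructed model of an authorization-code store; not Keycloak's implementation.
// All names here (issueCode, redeemCode, buildTokenBody, exchangeOnce) are hypothetical.
const issued = new Map(); // code -> true once it has been redeemed

const INVALID = { status: 400, body: { error: 'invalid_grant', error_description: 'Code not valid' } };

function issueCode(code) {
  issued.set(code, false);
}

// Server side: receives the raw application/x-www-form-urlencoded body.
function redeemCode(rawBody) {
  const code = new URLSearchParams(rawBody).get('code');
  if (!issued.has(code)) return INVALID; // unknown code, e.g. mangled by bad encoding
  if (issued.get(code)) return INVALID;  // known code, but already redeemed
  issued.set(code, true);                // burn the code on first use
  return { status: 200, body: { access_token: 'constructed-token', token_type: 'Bearer' } };
}

// Client side: let URLSearchParams percent-encode each value exactly once.
function buildTokenBody(code) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: 'vue',
    redirect_uri: 'http://localhost:8080/sso/callback',
  }).toString();
}

// Client-side guard for one page lifetime: if the callback handler runs twice
// (for example a component mounted twice), reuse the first result, do not re-send.
const exchanged = new Map();
function exchangeOnce(code, send = redeemCode) {
  if (!exchanged.has(code)) exchanged.set(code, send(buildTokenBody(code)));
  return exchanged.get(code);
}

function demo() {
  ['code+A/1', 'code+B/2', 'code+C/3'].forEach(issueCode); // constructed codes
  const first = redeemCode(buildTokenBody('code+A/1')).status;
  const replay = redeemCode(buildTokenBody('code+A/1')).status;
  // Hand-concatenated body: the server decodes '+' as a space, so the code is unknown.
  const unencoded = redeemCode('grant_type=authorization_code&code=code+B/2').status;
  const guarded = [exchangeOnce('code+C/3').status, exchangeOnce('code+C/3').status];
  return { first, replay, unencoded, guarded };
}

console.log(demo());
```

When debugging against a real server, request a fresh code for every attempt: a code pasted into curl or Postman after the application has already redeemed it fails in the same way as the replay case here.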
