ginccc

Reputation: 81

Error trying to connect from Quarkus to Keycloak

When starting up a Quarkus service (v2.1.1) and trying to connect to a Keycloak instance (v15.0.1), I am getting the following exception stack trace:

ERROR [io.qua.run.Application] (Quarkus Main Thread) Failed to start application (with profile dev): io.quarkus.oidc.common.runtime.OidcEndpointAccessException
    at io.quarkus.oidc.runtime.OidcProviderClient.getJsonWebKeySet(OidcProviderClient.java:75)
    at io.quarkus.oidc.runtime.OidcProviderClient.lambda$getJsonWebKeySet$0(OidcProviderClient.java:54)
    at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
    at io.smallrye.mutiny.operators.uni.UniOnItemTransform$UniOnItemTransformProcessor.onItem(UniOnItemTransform.java:36)
    at io.smallrye.mutiny.vertx.AsyncResultUni.lambda$subscribe$1(AsyncResultUni.java:35)
    at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:717)
    at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:714)
    at io.vertx.ext.web.client.impl.HttpContext.handleDispatchResponse(HttpContext.java:371)
    at io.vertx.ext.web.client.impl.HttpContext.execute(HttpContext.java:358)
    at io.vertx.ext.web.client.impl.HttpContext.next(HttpContext.java:336)
    at io.vertx.ext.web.client.impl.HttpContext.fire(HttpContext.java:303)
    at io.vertx.ext.web.client.impl.HttpContext.dispatchResponse(HttpContext.java:265)
    at io.vertx.ext.web.client.impl.HttpContext.lambda$null$8(HttpContext.java:520)
    at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:96)
    at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:59)
    at io.vertx.core.impl.EventLoopContext.lambda$runOnContext$0(EventLoopContext.java:37)
    at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
    at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:497)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:832)

Here are the configs I have put:

# OIDC Configuration
quarkus.oidc.auth-server-url=https://<HOST>/auth/realms/<REALM_NAME>
quarkus.oidc.client-id=<CLIENT_ID>
# quarkus.oidc.application-type=service
quarkus.oidc.credentials.secret=<SECRET>
quarkus.oidc.tls.verification=required

# Enable Policy Enforcement
quarkus.keycloak.policy-enforcer.enable=true

Anyone got an idea what's wrong here?

Upvotes: 4

Views: 10299

Answers (1)

ginccc

Reputation: 81

Thanks to a comment above, I found this Quarkus config here to be helpful:

quarkus.log.min-level=DEBUG
quarkus.log.category."io.quarkus.oidc".level=DEBUG

Which gave me this error:

Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 400 / Bad Request / Response from server: {"error":"invalid_client","error_description":"Bearer-only not allowed"}

So clearly, I had misconfigured the client inside Keycloak. Too bad the original error message didn't give me that information by default.

Upvotes: 3
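
A preflight check for the misconfiguration found in the answer above, as an added example that is not part of the original post or of Quarkus or Keycloak code: it attempts a client-credentials token request directly and returns the server's error and error_description fields, which the default startup log did not show. It assumes the failing call is a client-credentials request to Keycloak's /protocol/openid-connect/token path under the realm URL; check_client, http_post_form and the sample host are hypothetical names.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample: status and body copied from the error quoted in the answer.
BEARER_ONLY_REPLY = (400, '{"error":"invalid_client","error_description":"Bearer-only not allowed"}')


def http_post_form(url, form):
    """POST a form; return (status, body) even for 4xx/5xx replies."""
    request = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # error replies still carry the JSON body
        return err.code, err.read().decode()


def check_client(auth_server_url, client_id, secret, post=http_post_form):
    """Attempt a client_credentials grant; return (ok, message) without secrets."""
    # Assumed Keycloak token endpoint, relative to quarkus.oidc.auth-server-url.
    token_url = auth_server_url.rstrip("/") + "/protocol/openid-connect/token"
    status, body = post(token_url, {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": secret,
    })
    try:
        payload = json.loads(body)
    except ValueError:
        payload = {}
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        return True, "client can obtain a token"  # the token itself is not returned
    # Report only the OAuth 2.0 error fields (RFC 6749, section 5.2).
    return False, "HTTP %d: %s (%s)" % (
        status,
        payload.get("error", "unknown_error"),
        payload.get("error_description", "no description"),
    )


if __name__ == "__main__":
    # Offline demo: replay the constructed reply instead of contacting a server.
    print(check_client("https://keycloak.example/auth/realms/demo", "my-service",
                       "not-a-real-secret", post=lambda url, form: BEARER_ONLY_REPLY))
```

Run against the real realm URL (without the post argument) before starting the service; a bearer-only client fails here with the same 400 reply.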
