Usman Haider

Reputation: 59

Keycloak issue Cannot exchange code for grant in bearer-only mode

I'm new to Keycloak and was trying to set up role-based authentication using Keycloak with Node.js, but each time I log in with my correct username and password, which do exist in the realm, I get this bearer-only grant issue. I have tried all of the solutions and even checked whether the access type on Keycloak is bearer-only, but no, it is confidential. I tried setting bearer-only to true and false as well, but nothing worked for me.

{
  "realm": "realm_name",
  "auth-server-url": "Keycloak_auth_url",
  "ssl-required": "none",
  "resource": "resource",
  "verify-token-audience": false,
  "public-client": true,
  "grant_type": "password",
  "credentials": {
    "secret": "secret_credentials"
  },
  "confidential-port": 0,
  "policy-enforcer": {},
  "scope": "openid"
}

This is my keycloak.json file.

app.get("/", keycloak.protect(), function (req, res) {
  console.log(req);
});

This is my simple function for protecting a route.

Upvotes: 1

Views: 605

Answers (1)

KwaXi

Reputation: 149

You configured your client to use password grant, which doesn't use an authentication code. Using this grant, the client gets an access token and optionally a refresh token by posting its client credentials together with the resource owner's credentials to the authorization server.

Depending on the type of application that your client is, choose a corresponding grant type.

Nevertheless, password grant shouldn't be used at all, as a recent update of the OAuth 2.0 current best practices stated. See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-18

Upvotes: 0
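The two token requests the answer contrasts, built side by side per RFC 6749, as an added example that is not part of the original question or answer. The host names, redirect URI, user name, password, code and state are constructed placeholders, and the endpoint paths assume Keycloak's OpenID Connect layout under the realm.

```javascript
// Added example. Host, redirect URI, user and code values are constructed placeholders.
const cfg = {
  authServerUrl: "https://sso.example.test", // assumed host
  realm: "realm_name", clientId: "resource",
  clientSecret: "secret_credentials",
  redirectUri: "https://app.example.test/callback", // assumed
};
const base = (c) => `${c.authServerUrl}/realms/${c.realm}/protocol/openid-connect`;

// Client credentials travel in an HTTP Basic header (RFC 6749 section 2.3.1).
function clientAuthHeader(c) {
  return "Basic " + Buffer.from(`${c.clientId}:${c.clientSecret}`).toString("base64");
}

// Authorization code flow, step 1: the browser is redirected to the server,
// which collects the user's password itself. The client only ever sees a code.
function authorizationUrl(c, state) {
  const u = new URL(`${base(c)}/auth`);
  u.search = new URLSearchParams({
    response_type: "code", client_id: c.clientId,
    redirect_uri: c.redirectUri, scope: "openid", state,
  }).toString();
  return u.toString();
}

// Step 2: the client exchanges that code at the token endpoint (section 4.1.3).
function codeTokenRequest(c, code) {
  return {
    url: `${base(c)}/token`,
    headers: { Authorization: clientAuthHeader(c) },
    body: new URLSearchParams({ grant_type: "authorization_code", code, redirect_uri: c.redirectUri }),
  };
}

// Password grant: one request, no code, and the user's password passes through the client (section 4.3.2).
function passwordTokenRequest(c, username, password) {
  return {
    url: `${base(c)}/token`,
    headers: { Authorization: clientAuthHeader(c) },
    body: new URLSearchParams({ grant_type: "password", username, password, scope: "openid" }),
  };
}

// True when a token request carries resource owner credentials.
const handlesUserPassword = (req) => req.body.has("password");

const codeReq = codeTokenRequest(cfg, "constructed-code");
const pwReq = passwordTokenRequest(cfg, "alice", "constructed-password");
console.log(codeReq.body.toString(), handlesUserPassword(codeReq));
console.log(pwReq.body.toString(), handlesUserPassword(pwReq));
```

Only the password grant request contains the user's password, which is why the client application has to be trusted with it under that grant.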
