Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Code is expired with Keycloak provider

See original GitHub issue

I’ve integrated angular-oauth2-oidc in my angular app v8 with Keycloak v4.5, my Keycloak configuration is based on “authorization_code” flow: grant_type: authorization_code

When I refresh my page the call to the token endpoint fails with 400 status:

/auth/realms/test/protocol/openid-connect/token

The response:

{"error":"invalid_grant","error_description":"Code is expired"}

My OIDC configuration is as follows:

export const authCodeFlowConfig: AuthConfig = {
  issuer: 'http://localhost:8080/auth/realms/test',
  redirectUri: window.location.origin + '/page/dashboard',
  postLogoutRedirectUri: window.location.origin + '/login',
  clientId: 'ClientTest',
  responseType: 'code',
  scope: 'openid profile email offline_access api',
  showDebugInformation: true,
  requireHttps: false,
  disableAtHashCheck: true
};

I initialised the oauth2 module as follows in app.module.ts:

export function initCodeFlow(oauthService: OAuthService) {
  return () => {
    oauthService.configure(environment.authCodeFlowConfig);
    oauthService.loadDiscoveryDocumentAndTryLogin();
  };
}
// ...
 {
      provide: APP_INITIALIZER,
      useFactory: initCodeFlow,
      multi: true,
      deps: [OAuthService],
    },

And my realm configuration is based on “Standard code flow + implicit flow”.

I don’ know if it can be an issue or a wrong configuration that I made

Any help will be very appreciated

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
odapercommented, May 25, 2020

Thanks a lot @jeroenheijmans, I will check and be back with more info soon

0reactions
jeroenheijmanscommented, Jun 12, 2020

Thx for sharing, good to hear you’ve solved things!

Got no additions, other perhaps than to say that my sample project’s master is now also Code+PKCE flow.

In any case, each app will have its own variant, so it’s great that you’ve shared your approach!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Please help! Code is expired! - Getting advice - Keycloak
After registration I have field “code” in redirect url but I can't use it because it is expired although I have just created...
Read more >
Server Administration Guide - Keycloak
Client-suggested Identity Provider; Mapping claims and assertions; Available user session data; First login flow.
Read more >
Offline token invalid but not expired - Google Groups
I have a problem with offline tokens. Some of them expire well before the limit. My offline tokens have an expiration period of...
Read more >
KeyCloak React refreshToken expired token - Stack Overflow
I want to implement authorization in my client-side application but I've got problem with update Token in React Application with Keycloak. App.
Read more >
[keycloak-dev] Authorization Code Flow as Default for ...
Using authorization code flow with public clients in Keycloak: * Allows short expiration on access tokens * Our JavaScript adapter doesn't ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Export HashHandler Token

Next page

Logout only removes access_token but does not return to login page