Tags: keycloak, openid-connect, openid

Keycloak authorization_code invalid format


I have a local Keycloak server running with "Standard Authorization Code Flow".

I call the authorization endpoint with this url:

http://localhost:8080/realms/lapse/protocol/openid-connect/auth?client_id=lapse-app&redirect_uri=http://localhost:8080&response_type=code

After authenticating successfully, I correctly get redirected to:

http://localhost:8282?session_state=6c93f810-d934-4e20-adcc-b21748d3b26a&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Flapse&code=6cc168fc-e894-4f8b-a401-ec3267dc69b1.6c93f810-d934-4e20-adcc-b21748d3b26a.eec3a0c8-ff4a-437b-ad17-5f6228422b0f

Giving me the Authorization Token:

6cc168fc-e894-4f8b-a401-ec3267dc69b1.6c93f810-d934-4e20-adcc-b21748d3b26a.eec3a0c8-ff4a-437b-ad17-5f6228422b0f

A JWT is also added via Cookies (though I do not need it, but this suggests everything has worked correctly so far, I assume).

When I now send a request to the token endpoint, I get the error Code not valid when using these parameters:

{
    "grant_type": "authorization_code",
    "code": "6cc168fc-e894-4f8b-a401-ec3267dc69b1.6c93f810-d934-4e20-adcc-b21748d3b26a.eec3a0c8-ff4a-437b-ad17-5f6228422b0f",
    "redirect_uri": "http://localhost:8282",
    "client_id": "lapse-app",
    "client_secret": "ZLpHFtQzoYdf21rIDwblZlZZ0bFntaD7"
}

I do not understand why this happens. The Authorization Code I get from the redirect seems to be in a different format from what I have seen in examples; do I somehow have to reformat it before sending it to the token endpoint?


Solution

  • I spot a difference in your redirect_uris.

    You called the OpenID provider with port 8080

    ...&redirect_uri=http://localhost:8080&response_type=code
    

    After successful authentication you get redirected to port 8282

    http://localhost:8282?....
    

    and when you tried to perform the code-to-token you used the redirect_uri with port 8282

    http://localhost:8282
    

    Note that you have to use the exact same redirect_uri when requesting authentication and when performing code-to-token.
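The flow from the question, as an added example that is not the asker's or the answerer's code: the redirect_uri comes from a single constant so the authorization request and the token request cannot drift apart, the three-part Keycloak code is passed through opaquely (no reformatting), and the callback is checked against the session's state and against the realm's iss value that Keycloak includes in the redirect, which goes a little beyond the answer above. The callback port 8282, the client secret placeholder, the added scope and state parameters, and the function names are assumptions for this example.

```python
"""Authorization-code flow against Keycloak with one shared REDIRECT_URI.

Added example, not code from the question or answer. Hypothetical values:
CLIENT_SECRET is a placeholder, and the callback on port 8282 is assumed.
"""
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

KEYCLOAK_BASE = "http://localhost:8080"   # Keycloak server from the question
REALM = "lapse"
CLIENT_ID = "lapse-app"
CLIENT_SECRET = "replace-me"              # hypothetical; never hard-code a real secret
REDIRECT_URI = "http://localhost:8282"    # the app's callback, used in BOTH requests
CODE_SEGMENTS = 3                         # Keycloak codes look like uuid.uuid.uuid


def issuer(base=KEYCLOAK_BASE, realm=REALM):
    """Issuer URL of the realm; also what Keycloak sends back as 'iss'."""
    return f"{base}/realms/{realm}"


def build_auth_url(state, redirect_uri=REDIRECT_URI):
    """Authorization request. 'state' ties the callback to this session."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid",
        "state": state,
    }
    return f"{issuer()}/protocol/openid-connect/auth?{urlencode(params)}"


def _first(query, key):
    return query.get(key, [None])[0]


def parse_callback(callback_url, expected_state):
    """Extract the code from the redirect and reject callbacks that do not
    belong to this session (state) or to this issuer (iss, RFC 9207)."""
    q = parse_qs(urlparse(callback_url).query)
    if _first(q, "state") != expected_state:
        raise ValueError("state mismatch: callback was not issued for this session")
    if _first(q, "iss") != issuer():
        raise ValueError("iss mismatch: callback came from an unexpected issuer")
    code = _first(q, "code")
    if not code or len(code.split(".")) != CODE_SEGMENTS:
        raise ValueError("unexpected authorization code shape")
    return code  # opaque to the client: send it on unchanged


def build_token_request(code, redirect_uri=REDIRECT_URI):
    """Form body for the code-to-token exchange (x-www-form-urlencoded, not JSON)."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
    return f"{issuer()}/protocol/openid-connect/token", form


def redirect_uris_match(auth_url, token_form):
    """The check the answer describes: both requests must carry the
    byte-for-byte identical redirect_uri."""
    sent_at_auth = _first(parse_qs(urlparse(auth_url).query), "redirect_uri")
    return sent_at_auth == token_form.get("redirect_uri")


def exchange_code(token_url, form):
    """POST the form to Keycloak and return the parsed token response.
    This is the only network call; run it against a live server."""
    req = urllib.request.Request(
        token_url,
        data=urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print("1. Open this in a browser:", build_auth_url(state))
    callback = input("2. Paste the full URL you were redirected to: ").strip()
    code = parse_callback(callback, state)
    token_url, form = build_token_request(code)
    assert redirect_uris_match(build_auth_url(state), form)
    print(json.dumps(exchange_code(token_url, form), indent=2))
```

If the authorization request had gone out with port 8080, as in the question, `redirect_uris_match` would return False before the token request is sent, which is the mismatch Keycloak otherwise reports only as "Code not valid".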