
OIDC_CLIENT_SECRET problem

Open mikesrus opened this issue 1 year ago • 0 comments

I'm trying to set up authorization via OIDC, where Keycloak acts as the IDP, and use the following settings:

OIDC_PROVIDER_NAME="COMPANY:ID"
OIDC_ISSUER=https://id.company.com/auth/realms/<MYREALM>
OIDC_CLIENT_ID=interact.company.com
OIDC_CLIENT_SECRET=4f0a3aec-4b17-XXXX-XXXXX-XXXXX1521f963
OIDC_SCOPES="openid email profile"

But when I try to log in, I get an error:

2024-08-27 14:23:31,343 WARN  [org.keycloak.events] (default task-60) type=CODE_TO_TOKEN_ERROR, realmId=<MYREALM>, clientId=interact.company.com, userId=null, ipAddress=IP_OF_CLAPPER_HOST, error=invalid_client_credentials, grant_type=authorization_code

Authorization works only if I change the client type in Keycloak from "confidential" to "public", and then OIDC_CLIENT_SECRET is not used, but this does not look like a safe way.

mikesrus, Aug 27 '24 11:08
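For reference when reading the CODE_TO_TOKEN_ERROR above, this added example (not part of the original issue, and not Claper's or Keycloak's code) builds the authorization_code token request in the two standard client-secret methods and in the public-client form, so the bytes sent can be compared with what the Keycloak client is configured to accept. The secret, issuer host, redirect URI and function names are constructed assumptions; only the client ID is taken from the issue.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed placeholder values, not from a real deployment.
CLIENT_ID = "interact.company.com"
CLIENT_SECRET = "example-secret:with/special+chars"
ISSUER = "https://id.example.test/auth/realms/demo"


def token_endpoint(issuer: str) -> str:
    """Keycloak serves the token endpoint under the realm issuer URL."""
    return issuer.rstrip("/") + "/protocol/openid-connect/token"


def code_exchange(method: str, code: str, redirect_uri: str):
    """Return (headers, body) for the authorization_code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then Basic-encode.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Secret travels in the form body instead of a header.
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    elif method == "none":
        # Public client: only the id is sent, so no secret is ever checked.
        form["client_id"] = CLIENT_ID
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)


if __name__ == "__main__":
    for m in ("client_secret_basic", "client_secret_post", "none"):
        hdrs, body = code_exchange(m, "constructed-code",
                                   "https://interact.example.test/cb")
        print(m, token_endpoint(ISSUER), hdrs.get("Authorization"), body,
              sep="\n  ")
```

With the "none" form no secret reaches Keycloak at all, which is why a client switched to "public" passes the code-to-token step regardless of the OIDC_CLIENT_SECRET value.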