Keycloak "Invalid parameter: redirect_uri" - keycloak

After configuring a client named 'steeringclientui' in keycloak as in the picture below
when I am trying to access http://localhost:8080/realms/steeringappdev/protocol/openid-connect/auth?client_id=steeringclientui&response_type=code&scope=openid&redirect_url=http://localhost:8080/sample&state=asdasdas
I've got
I can access without any problem http://localhost:8080/realms/steeringappdev/.well-known/openid-configuration and the response is:
If more info is needed, please let me know.

See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
You need the parameter redirect_uri (not redirect_url), and its value should be URL-encoded. So the correct Authentication Request URL should be:
http://localhost:8080/realms/steeringappdev/protocol/openid-connect/auth?client_id=steeringclientui&response_type=code&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fsample&state=asdasdas
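As an added example (not code from the answer above or from Keycloak), the following Python builds the authorization request with `urllib.parse.urlencode`, which percent-encodes `redirect_uri` exactly as in the corrected URL, and then applies the check an authorization server performs on the parameter before it redirects anywhere: the value must be present, absolute, fragment-free and an exact match for a registered URI. The set of registered URIs is an assumption for the example; the realm and client names are taken from the question.

```python
"""Added example: building an OIDC authorization request and validating
redirect_uri the way a server does. Registered URIs below are assumed."""
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_ENDPOINT = "http://localhost:8080/realms/steeringappdev/protocol/openid-connect/auth"
# Assumed: what the client 'steeringclientui' registered as a Valid Redirect URI.
REGISTERED_REDIRECT_URIS = {"http://localhost:8080/sample"}


def build_auth_request(client_id, redirect_uri, state, scope="openid"):
    """Return the authorization request URL. urlencode percent-encodes every value,
    so redirect_uri is sent as http%3A%2F%2Flocalhost%3A8080%2Fsample."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,  # the standard parameter name; redirect_url is ignored
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_redirect_uri(request_url, registered=REGISTERED_REDIRECT_URIS):
    """Server-side view: reject a missing, repeated, relative or unregistered
    redirect_uri. Returns the accepted URI or raises ValueError with the reason."""
    query = parse_qs(urlsplit(request_url).query)
    values = query.get("redirect_uri")
    if not values:
        raise ValueError("Invalid parameter: redirect_uri (missing)")
    if len(values) > 1:
        raise ValueError("Invalid parameter: redirect_uri (repeated)")
    uri = values[0]
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc or parts.fragment:
        raise ValueError("Invalid parameter: redirect_uri (must be an absolute URI without fragment)")
    # Exact string comparison, never prefix or substring matching: this is what
    # keeps the authorization endpoint from becoming an open redirector.
    if uri not in registered:
        raise ValueError("Invalid parameter: redirect_uri (not registered for this client)")
    return uri


if __name__ == "__main__":
    url = build_auth_request("steeringclientui", "http://localhost:8080/sample", "asdasdas")
    print(url)
    print("accepted:", check_redirect_uri(url))
```

Running the script prints the same URL as the corrected request above; feeding it the original `redirect_url` spelling makes `check_redirect_uri` raise the "missing" error, which is the server's "Invalid parameter: redirect_uri".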

How can I access the redirected url in postman?

I have a big problem. I'm sending a request on postman. Then, the url is redirected. I can see the redirected url in Postman console. But I can't access it from the test tab. I need to access the redirected url because the token is generated here. I can do the same operation using the regular expression extractor in JMeter. But I can't do it in Postman. How can I do this in postman? Can you help me?
You can turn off redirects on a specific request (toggle Automatically follow redirects):
Then you can access the Location header contents through:
pm.response.headers.get('Location')
Following that, you can hit the redirect URL via sendRequest or saving the URL in a Postman variable and using setNextRequest.
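The answer above is written for Postman's scripting API. As an added example (not part of that answer), here is the same technique in Python, going one step further than the answer: `http.client` never follows redirects, so the 302's `Location` header can be read directly, and the code is then extracted only after the `state` value is checked against the one this client generated. A tiny local HTTP server stands in for the authorization server so the script runs offline; the `code` and `state` values it returns are constructed for the example.

```python
"""Added example: read a redirect's Location header without following it,
then extract the authorization code after verifying state. The local server
and the code/state values are constructed, not a real provider's response."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlsplit

# Constructed redirect target the fake authorization server sends back.
FAKE_LOCATION = "http://localhost:9090/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj"


class RedirectingHandler(BaseHTTPRequestHandler):
    """Answers every GET with 302 and the constructed Location header."""

    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", FAKE_LOCATION)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass


def start_fake_server():
    server = ThreadingHTTPServer(("127.0.0.1", 0), RedirectingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_location(host, port, path="/authorize"):
    """http.client does not follow redirects, the equivalent of switching off
    'Automatically follow redirects' in Postman. Returns (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def extract_code(location, expected_state):
    """Parse the redirect target. Refuse to use the code unless state matches the
    value this client generated; that binding is the flow's CSRF protection."""
    query = parse_qs(urlsplit(location).query)
    if "error" in query:
        raise RuntimeError(f"authorization server returned error={query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: response is not bound to this login attempt")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise RuntimeError("expected exactly one code parameter")
    return codes[0]


def demo():
    """Start the fake server, perform one non-followed request, return (status, code)."""
    server = start_fake_server()
    try:
        status, location = fetch_location(*server.server_address)
        return status, extract_code(location, expected_state="af0ifjsldkj")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The `state` comparison is the part most scripts skip: a redirect carrying a code but the wrong `state` should never be exchanged for a token, whether the client is Postman, JMeter or your own code.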

LinkedIn - Getting Access Token Error

All,
I am facing authentication issues that I see others have also complained about. Following official documentation I was able to get the client id and client secret but when I try to get Access Token I am getting this error:
{
"error": "invalid_request",
"error_description": "A required parameter \"client_id\" is missing"
}
I am using POSTMAN to get the access token. After getting the Access Token I intend to work with LinkedIn REST APIs with other software that could consume REST. I am not sure why I am getting this error, I wonder is it not possible to get the token from POSTMAN and have to use Python script?
Also, redirect_uri in step 2 is not a functional callback uri, it's an imaginary URL. Do I need a valid callback URL?
Since you are getting this error
{
"error": "invalid_request",
"error_description": "A required parameter \"client_id\" is missing"
}
This is giving a hint that you might need to change the Client Authentication drop-down value to Send client credentials in body instead of Send as Basic auth header.
This is because when client_id and client_secret are sent in the header, they are combined and converted to base64:
Authorization: Basic base64($client_id + ':' + $client_secret)
So no separate client_id is ever sent. But if you choose to send the credentials in the body, then they are sent separately.
For more info, you can refer to the official RFC here: https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1
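As an added example (not code from the answer above or from LinkedIn), the following Python shows the two client authentication methods from RFC 6749 section 2.3.1 side by side: the Basic header, where the identifier and secret are first form-urlencoded and then base64-encoded together, versus credentials carried as separate form parameters in the body. A helper that decodes the header shows what the server has to do to recover `client_id`, and a body-only lookup shows why a token endpoint that reads only the form body reports the parameter as missing. The client id and secret are constructed values.

```python
"""Added example: RFC 6749 section 2.3.1 client authentication, header form
versus body form. CLIENT_ID and CLIENT_SECRET are constructed, not real."""
import base64
from urllib.parse import quote, unquote, urlencode, parse_qs

CLIENT_ID = "78x1abcdefghij"             # constructed, not a real LinkedIn app id
CLIENT_SECRET = "s3cr3t:with/odd=chars"  # constructed; has characters that must be encoded


def basic_auth_header(client_id, client_secret):
    """'Send as Basic auth header': RFC 6749 form-urlencodes the id and secret,
    joins them with ':' and base64-encodes the pair. No client_id goes in the body."""
    pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def decode_basic_auth_header(header_value):
    """Server side: reverse the base64, split on ':', undo the form-urlencoding.
    Encoding the secret first is what makes the ':' split unambiguous."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    client_id, _, client_secret = base64.b64decode(b64).decode("ascii").partition(":")
    return unquote(client_id), unquote(client_secret)


def token_request(code, redirect_uri, in_body):
    """Build headers and form body of an authorization_code token request.
    in_body=True corresponds to Postman's 'Send client credentials in body'."""
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if in_body:
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    else:
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    return headers, urlencode(form)


def client_id_seen_in_body(body):
    """A token endpoint that only inspects the form body (the behaviour the error
    message points to) finds client_id here or not at all."""
    return parse_qs(body).get("client_id", [None])[0]


if __name__ == "__main__":
    for in_body in (False, True):
        headers, body = token_request("AUTHCODE", "http://localhost/cb", in_body)
        print("in_body =", in_body, "->", headers, body, "| client_id in body:", client_id_seen_in_body(body))
```

Both forms are valid per the RFC; which one a given provider accepts is a property of that provider's token endpoint, which is why switching the Postman drop-down fixes the error without changing the credentials themselves.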
I solved this issue by adding keys/values in the Params.

No auth function available for given request

I'm a newbie to accessing Dropbox's API (see: https://www.dropbox.com/developers-v1/core/docs#oauth2-methods). Now there's a problem rocking me:
1) I get an access_token successfully.
2) I want to see the user's detailed info by directly calling "https://api.dropboxapi.com/1/account/info". However the result is:
{"error_description": "No auth function available for given request", "error": "invalid_request"}
It seems that I should give the address something to make sure that I'm already authenticated. But how? I didn't see anything in the documents... Anywhere?
Thanks
The API uses OAuth 2, so you'll want to attach an "Authorization" header with the value "Bearer ACCESSTOKEN", where ACCESSTOKEN is the access token you obtained through the OAuth process.

Linkedin OAuth2 authorization code error

I'm trying to connect via LinkedIn OAuth2 from a Java web application:
1) Added my own app in LinkedIn.
2) Generate the authorization URL: https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=XXX&scope=r_basicprofile%20r_fullprofile%20r_emailaddress&state=DCEEFWF454Us5dffef424&redirect_uri=http://localhost:9090/springmvc/token.htm
3) Introduce my login/password for LinkedIn in the new popup.
4) Get back successfully the request on the previous redirect_uri, and take the authorization code "code".
5) Generate the accessToken URL.
6) Make a POST with: https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=YYY&redirect_uri=http://localhost:9090/SpringMVC/token.htm&client_id=XXX&client_secret=ZZZ
7) Get the next error in response: {"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}
I've verified the URL parameters are correct:
- "code" is the token received on step 4.
- "redirect_uri" is the same URL on step 2 and 4. I added this URL on section "OAuth 2.0 redirect URL" on my APP.
- "client_id" and "client_secret" are the "Client API" and "Secret API" on my APP.
- Time between first and second request is less than 20 seconds.
The value of your redirect_uri parameter must be URL-encoded, so at 6. do:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=YYY&redirect_uri=http%3A%2F%2Flocalhost%3A9090%2FSpringMVC%2Ftoken.htm&client_id=XXX&client_secret=ZZZ
and it need not be sent as a POST but as a GET.
If you are sending a request for an access token, it must be a POST request.
Refer to the OAuth documentation.
I actually copied the whole URL from my Eclipse console to the URL bar and it is still valid.
In your case the problem is with URL encoding, as HanZ said.
You have to encode your URL for the POST request.
I too got bugged with this issue for a long time. Please keep a few things in mind which I did and eventually sorted it out.
- Hit the API to get the authorization code using a GET request.
- The authorization code has a life span of about 20 seconds, so it's difficult to manually copy the code from the URL and make a request for token access. You should do it programmatically.
- Make a POST request for getting the access token.
- Most important: old LinkedIn applications that I had created were not working and giving the above error. Create a new LinkedIn application and try. Doing this worked for me.
I assume that all the other parameters like client_id, secret, redirect_uri are correct.
Please try and let us know.
Thanks.
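The error in this question ("appId or redirect uri does not match authorization code or authorization code expired") and the 20-second lifetime mentioned in the answers both come from checks the token endpoint runs before it will exchange a code. As an added example (not code from any answer here, and not LinkedIn's implementation), the following Python models a minimal in-memory authorization server that binds each code to the client and the exact `redirect_uri` it was issued for and expires it after 20 seconds. It replays two situations visible in the question: the authorization URL uses `.../springmvc/token.htm` while the token request uses `.../SpringMVC/token.htm`, which are different strings, and an exchange that arrives after the lifetime has passed. The client id `XXX`, secret `ZZZ` and URLs are the placeholders from the question; the clock is injectable so the expiry case runs instantly.

```python
"""Added example: an in-memory model of the token endpoint checks behind
'redirect uri does not match authorization code or authorization code expired'.
Client credentials are the question's placeholders; the lifetime follows the thread."""
import secrets
import time
from dataclasses import dataclass

CODE_LIFETIME_SECONDS = 20  # the lifetime the answers above report for LinkedIn codes


@dataclass
class IssuedCode:
    client_id: str
    redirect_uri: str
    expires_at: float
    used: bool = False


class AuthorizationServer:
    def __init__(self, clients, clock=time.time):
        self.clients = clients  # client_id -> {"secret": str, "redirect_uris": set}
        self.codes = {}
        self.clock = clock

    def authorize(self, client_id, redirect_uri):
        """Authorization endpoint (GET): bind a fresh code to client and redirect_uri."""
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("invalid_request: unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = IssuedCode(client_id, redirect_uri, self.clock() + CODE_LIFETIME_SECONDS)
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token endpoint (POST): each check maps to one clause of the error message."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("invalid_client")
        issued = self.codes.get(code)
        if issued is None or issued.used:
            raise ValueError("invalid_grant: unknown or already used code")
        if self.clock() > issued.expires_at:
            raise ValueError("invalid_grant: authorization code expired")
        if issued.client_id != client_id:
            raise ValueError("invalid_grant: appId does not match authorization code")
        # Byte-for-byte comparison: 'springmvc' and 'SpringMVC' are different URIs.
        if issued.redirect_uri != redirect_uri:
            raise ValueError("invalid_grant: redirect uri does not match authorization code")
        issued.used = True  # a code is single-use
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer", "expires_in": 3600}


def run_scenarios():
    """Replay the question's situation against the model; returns the outcome per case."""
    now = [1_000_000.0]  # fake clock so the expiry case needs no real waiting
    registered = "http://localhost:9090/springmvc/token.htm"
    server = AuthorizationServer({"XXX": {"secret": "ZZZ", "redirect_uris": {registered}}},
                                 clock=lambda: now[0])
    results = {}

    def attempt(name, code, redirect_uri):
        try:
            server.token("XXX", "ZZZ", code, redirect_uri)
            results[name] = "ok"
        except ValueError as e:
            results[name] = str(e)

    # Case 1: token request uses a differently cased path than the authorization request.
    attempt("case_mismatch", server.authorize("XXX", registered), "http://localhost:9090/SpringMVC/token.htm")
    # Case 2: identical URI, but the exchange happens after the 20-second lifetime.
    code = server.authorize("XXX", registered)
    now[0] += CODE_LIFETIME_SECONDS + 1
    attempt("expired", code, registered)
    # Case 3: exchanged promptly with the identical URI.
    attempt("prompt", server.authorize("XXX", registered), registered)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The model is deliberately strict in the same ways real token endpoints are: exact `redirect_uri` equality, a short lifetime and single use are what keep an intercepted or leaked code from being redeemed by anyone other than the client that started the flow.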

Facebook - OAuth Token - redirect_uri isn't an absolute URL

... but it is!
I am calling the facebook API with the following link in order to receive my access token:
https://www.facebook.com/dialog/oauth?client_id=myclientid&redirect_uri=http%3A%2F%2Fmydomain.org%3A8080%2FServer%2FFacebookAuthenticationVerificationServlet&scope=manage_notifications,offline_access,read_mailbox,read_stream,publish_stream
What am I doing wrong?
Facebook answers with the following error:
message: redirect_uri isn't an absolute URI. Check RFC 3986.
type: OAuthException
code: 191
It shouldn't have anything to do with it, but I am using Java's URLEncoder.encode() to encode the URL into UTF-8. I compared the result with that one from JavaScript's encodeURIComponent() and didn't find any difference.
EDIT: Do I have to set the domain into my configuration? I can't locate it on "App Domains" (because facebook doesn't allow me to add domains there with port configuration) but I set the domain as "URL of my website".
EDIT2: The unencoded redirect uri: http://mydomain.org:8080/Server/FacebookAuthenticationVerificationServlet
EDIT3: This has nothing to do with the :8080. I tested it with a php-script (URL was like bla.domain.org/myphp.php) and sent the code by the php script to the tomcat server, but the error persisted.
Okay, it turned out I misunderstood the OAuth protocol. I was fetching the authorizationCode that THEN leads me to the accessToken.
But I wasn't able to fix that error specifically. I just redeveloped the procedure and implemented auth-code and access-token separation and it works fine now.
Maybe deauthorizing the app and reauthorizing it at Facebook did fix it?
Error code 191 for Facebook is
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
Make sure mydomain.org is in the App Domains field, and that the Website with Facebook login field is correct.
You shouldn't encode redirect_uri. http%3A%2F%2Fmydomain.org is not understood as http://mydomain.org