3

We're having a Keycloak with the realm socialBetaTest when I try to initate the Client Initiated Account Linking with the following URL (link with twitter):

https://socialBeta.maio290.de/auth/realms/socialBetaTest/broker/twitter/link?client_id=frontend&redirect_uri=https://localhost:4200/&nonce=someString&hash=someHash

I am getting the following error in my KeyCloak stdout:

WARN  [org.keycloak.events] (default task-42) type=CLIENT_INITIATED_ACCOUNT_LINKING_ERROR, realmId=social, clientId=frontend, userId={properUserID}, ipAddress=x.x.x.x, error=invalid_token, redirect_uri=https://localhost:4200/, username={someEmailAddress}

What I notice here, they realm isn't the proper one, why is it called "social" and not "socialBetaTest"? And why is the token invalid, when it was issued (iss in the JWT) by socialBetaTest? Since we don't provide the token by any parameter, I guess it's reading the token out from the cookie and/or local storage.

Does anyone know how to fix this issue?

maio290
  • 6,440
  • 1
  • 21
  • 38
  • Did you find any solution for this issues?? – yormen Jun 28 '19 at 13:32
  • I remember opening a bug at Keycloak's bugtracker: https://issues.jboss.org/browse/KEYCLOAK-7752 - however, I stopped working on the project and my ex-colleagues didn't bother to try it out. So maybe the comment of Stan Silvert and the stuff which they did might help you out. Good luck! :) – maio290 Jul 05 '19 at 12:27
  • From the yours it seems you left the state out. But it’s working now though. – yormen Jul 07 '19 at 16:34

0 Answers0