An otherwise working-as-expected Keycloak server has been giving me a headache since I started trying to implement Application Initiated Actions.
Prior Search
Because looking for the topic results in a sparse selection of hands-on material, I got to go through the design document for AIA, especially the flows section.
Environment
- Keycloak 15
- PostgreSQL Database Backend
- Keycloak as k8s deployment
- Client in use has temporary full scope for development purposes
- Node.js backend with keycloak-connect and express as the server
What I've tried
According to the design document (here is an entry on Google Groups where it's said that the feature "pretty much turned out as designed"), flows should be constructed as:
../realms/myrealm/protocol/openid-connect/auth
?response_type=code
&client_id=myclient
&redirect_uri=https://myclient.com
&kc_action=update_profile
which resulted in this code in my templating engine:
`${keycloak.config.realmUrl}/protocol/openid-connect/auth?response_type=code&client_id=${keycloak.config.clientId}&redirect_uri=${new URLSearchParams("http://localhost:3000/account").toString()}&kc_action=update_profile`
(pug variable) `keycloak.config` is filled using `keycloak.getConfig()`, where `keycloak` is the keycloak-connect instance.
The templating engine correctly substitutes the variables into a link that leads to my Keycloak instance, where I am presented with (the German equivalent of) this error message:
Unexpected error when handling authentication request to identity provider
(German: Unerwarteter Fehler während der Bearbeitung der Anfrage an den Identity Provider.)
There are no other identity providers configured.
Question
How do I correctly make the call to my Keycloak to kick off an AIA if the way described in the design document leads to this error?
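
Added example, not part of the original post and not Keycloak or keycloak-connect code: it builds the authorization link from the design document's four parameters with `URLSearchParams` used as a key/value map, then decodes the `redirect_uri` carried by that link and by a link built with the template expression from the post. The host name and the helper function names are constructed for illustration, and decoding follows the WHATWG URL rules, which is an assumption about how the receiving server reads the query string.

```javascript
// Added example: builds the AIA authorization request described in the
// design document and shows which redirect_uri value a link actually carries.
// All function names and sample values are constructed for illustration.

// Build the link from a key/value map so every value is percent-encoded once.
function buildAiaUrl(realmUrl, clientId, redirectUri, action) {
  const url = new URL(realmUrl.replace(/\/+$/, "") + "/protocol/openid-connect/auth");
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    kc_action: action,
  }).toString();
  return url.toString();
}

// Decode the redirect_uri as a WHATWG URL parser reads it from the link.
function redirectUriSeenByServer(link) {
  return new URL(link).searchParams.get("redirect_uri");
}

// The redirect_uri expression from the post's template, reproduced unchanged:
// a string argument is parsed as a query string, so the whole URL becomes a
// parameter *name* with an empty value and is serialized with a trailing "=".
function redirectParamFromPost(redirectUri) {
  return new URLSearchParams(redirectUri).toString();
}

// Constructed sample values (the realm host is a placeholder).
const REALM_URL = "https://keycloak.example.test/auth/realms/myrealm";
const CLIENT_ID = "myclient";
const REDIRECT = "http://localhost:3000/account";
const ACTION = "update_profile"; // value as written in the design document

const mapBuilt = buildAiaUrl(REALM_URL, CLIENT_ID, REDIRECT, ACTION);
const templateBuilt =
  `${REALM_URL}/protocol/openid-connect/auth?response_type=code` +
  `&client_id=${CLIENT_ID}` +
  `&redirect_uri=${redirectParamFromPost(REDIRECT)}` +
  `&kc_action=${ACTION}`;

console.log("map-built link     :", mapBuilt);
console.log("  redirect_uri     :", redirectUriSeenByServer(mapBuilt));
console.log("template-built link:", templateBuilt);
console.log("  redirect_uri     :", redirectUriSeenByServer(templateBuilt));
```

Comparing the decoded `redirect_uri` with the redirect URIs registered for the client is a quick check to run before the link is handed to the browser.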