I have to create two REST services via Keycloak. The first one sends a verification code to a phone number. The second one grants a token to a user if the verification code is correct for a given phone number.

I have created a module with a custom SPI following the guide in https://github.com/FX-HAO/keycloak-phone-authenticator. The provider can be found. I have also created the Direct grant flow copy and made it the default direct grant flow for the realm.

I can send the verification code with a request to http://{host}//auth/realms/{my_realm}/{my_provider}/send_sms

However, I cannot get the token using the following request:

```
curl -X POST http://{host}/auth/realms/{my realm}/protocol/openid-connect/token \
  -H 'authorization: Basic {my keycloak admin username and password}' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&phone_number={phone number}&code={code}'
```

I keep getting the invalid_client_credentials error and it seems that my provider is not called because there is nothing in its logs. What am I doing wrong?

gisly
  • I think you are simply missing the `client_id` and `client_secret` in your request. – sventorben Jan 25 '22 at 17:37
  • What is the meaning of client_id and client_secret in this case? Are they the "technical user" identifiers or are they the phone number and the verification code? – gisly Jan 25 '22 at 17:52
  • It's neither phone number nor verification code. Just the OIDC standard id for your client and its secret. – sventorben Jan 25 '22 at 18:23
  • https://www.oauth.com/oauth2-servers/access-tokens/password-grant/ – sventorben Jan 25 '22 at 18:30
  • Thank you, I used the login user data. Now I've created a new client and added the direct grant option to it, but now I get `{ "error": "invalid_grant", "error_description": "Invalid user credentials" }`. The client_secret and the client_id are correct as well as the phone number and the verification code. The default direct grant flow is set as my custom flow. – gisly Jan 25 '22 at 20:59
  • Sorry, it was due to wrong user id – gisly Jan 26 '22 at 16:58

1 Answer

As @sventorben said, the problem was in specifying the wrong credentials for the client.

gisly
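The request shape the comments converge on, as an added example (not code from the original posts or from the keycloak-phone-authenticator project): the token request identifies the OIDC client with `client_id` and `client_secret` rather than an admin login, and the two error bodies reported in this thread are mapped to the stage that rejected the request. The function names, the host `keycloak.example`, the realm and the client values are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def build_token_request(base_url, realm, client_id, client_secret,
                        phone_number, code):
    """Build (without sending) the direct grant token request from the question.

    client_id / client_secret identify the OIDC client that has direct
    grant enabled; they are not a Keycloak admin or end-user login.
    """
    realm_path = urllib.parse.quote(realm, safe="")
    url = (f"{base_url.rstrip('/')}/auth/realms/{realm_path}"
           "/protocol/openid-connect/token")
    # urlencode() percent-encodes the leading '+' of an international phone
    # number; sent raw in a form body it would be decoded as a space.
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "phone_number": phone_number,
        "code": code,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def classify_token_error(response_body):
    """Map the error bodies seen in this thread to the failing stage."""
    error = json.loads(response_body).get("error", "")
    if error == "invalid_client_credentials":
        # Fixed in the thread by supplying the client's own id and secret.
        return "client authentication"
    if error == "invalid_grant":
        # Fixed in the thread by correcting the user id.
        return "user credentials"
    return "other"


# Constructed sample values; nothing is sent over the network here.
sample_request = build_token_request(
    "http://keycloak.example", "demo", "phone-client", "s3cret",
    "+15550100", "123456")
```

To send it, pass `sample_request` to `urllib.request.urlopen` and read the JSON body of the `HTTPError` raised on a 4xx response.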