SvelteKit 和 keycloak-js,code_to_token_error 和 invalid_client_credentials 错误

huangapple
go评论76阅读模式
英文:

SvelteKit and keycloak-js, code_to_token_error and invalid_client_credentials error

问题

我正在使用 keycloak-js 来保护我的 SvelteKit UI 应用程序。

<script lang="ts">
    import { onMount } from "svelte";
    import Keycloak from "keycloak-js";
    import type { KeycloakInitOptions } from "keycloak-js";
    onMount(() => {
        let instance = {
            url: "http://localhost:8080",
            realm: "my-realm",
            clientId: "my-client"
        };
        let keycloak = new Keycloak(instance);
        let initOptions: KeycloakInitOptions = { onLoad: "login-required" 
        };
        keycloak.init(initOptions).then(function (authenticated) {
                console.info("authorized");
            }).catch(function () {
                alert("unauthorized");
            });
        }
    );
</script>

我在我的 Docker 中部署的 Keycloak 上收到了以下错误。

WARN  [org.keycloak.events] (executor-thread-69) type=CODE_TO_TOKEN_ERROR, realmId=..., clientId=my-client, userId=null, ipAddress=..., error=invalid_client_credentials, grant_type=authorization_code

然而,从 Postman 中检索令牌是有效的。

英文:

I'm using keycloak-js to secure my sveltekit UI app.

&lt;script lang=&quot;ts&quot;&gt;
    import { onMount } from &quot;svelte&quot;;
    import Keycloak from &quot;keycloak-js&quot;;
    import type { KeycloakInitOptions }  from &quot;keycloak-js&quot;;
    onMount(  () =&gt; {
        let instance = {
            url: &quot;http://localhost:8080&quot;,
            realm: &quot;my-realm&quot;,
            clientId: &quot;my-client&quot;
        };
        let keycloak = new Keycloak(instance);
        let initOptions: KeycloakInitOptions = { onLoad: &quot;login-required&quot; 
        };
        keycloak.init(initOptions).then(function (authenticated) {
                console.info(&quot;authorized);
            }).catch(function () {
                alert(&quot;unauthorized&quot;);
            });
        }
    );
&lt;/script&gt;

I'm receiving this error on my keycloak deployed in docker.

WARN  [org.keycloak.events] (executor-thread-69) type=CODE_TO_TOKEN_ERROR, realmId=..., clientId=my-client, userId=null, ipAddress=..., error=invalid_client_credentials, grant_type=authorization_code

Retrieving the token from postman works though.

答案1

得分: 2

根据您的错误消息:

WARN  [org.keycloak.events] (executor-thread-69) type=CODE_TO_TOKEN_ERROR, realmId=..., clientId=my-client, userId=null, ipAddress=..., error=invalid_client_credentials, grant_type=authorization_code

看起来Keycloak正在期望一个client secret,根据您的配置:

let instance = {
    url: &quot;http://localhost:8080&quot;,
    realm: &quot;my-realm&quot;,
    clientId: &quot;my-client&quot;
};

推测客户端my-client是一个保密客户端。然而,由于您正在使用javascript适配器,您应该实际上创建一个公开的客户端,而不是保密的客户端。

所以,请将客户端my-clientaccess-typeconfidential更改为public

英文:

Based on your error message:

WARN  [org.keycloak.events] (executor-thread-69) type=CODE_TO_TOKEN_ERROR, realmId=..., clientId=my-client, userId=null, ipAddress=..., error=invalid_client_credentials, grant_type=authorization_code

it looks like Keycloak is expecting a client secret, which based on your configuration:

let instance = {
    url: &quot;http://localhost:8080&quot;,
    realm: &quot;my-realm&quot;,
    clientId: &quot;my-client&quot;
};

infers that the client my-client is a confidential one. However, since you are using the javascript adapter, you should actually create a public client instead of a confidential one.

So change the access-type of the client my-client from confidential to public.

huangapple
  • 本文由 发表于 2023年1月9日 09:50:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/75052541.html
  • keycloak
  • keycloak-services
  • sveltekit
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定