Getting an error while retrieving tokens

[remigauthierdocaposte]

Hello!

On our side, the external IDP is configured, using the specific nonce to be able to connect to FC+.

All good except when keycloak asks for the token using the returned authorizationCode collected after successfully calling the authorize.

I have got this error :
Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server. error='invalid_client_metadata', error_description='client JSON Web Key Set failed to be refreshed', error_uri='null'

Error seems to be located in the authResponse() of OIDCEndpoint here :
SimpleHttp tokenRequest = SimpleHttp.doPost(tokenUrl, this.session).param("code", authorizationCode).param("redirect_uri", redirectUri).param("grant_type", "authorization_code"); SimpleHttp authenticateTokenRequest = FranceConnectIdentityProvider.this.authenticateTokenRequest(tokenRequest);

Do you have any clue or advice? We currently only have an integration client_id/client_secret for FC+.

[micedre]

This extension is currently not compatible with FC+, I'm waiting for a working client_id to see how much should be changed (if it is possible) to make it working.

Could you maybe share all keycloak logs (removing all sensitive informations) by activating http client wire logging ?

(To enable wire logging, open jboss-cli on your keycloak server $KEYCLOAK_HOME/bin/jboss-cli.sh and then :

> connect
>/subsystem=logging/logger=org.apache.http.wire:add(handlers=[CONSOLE,FILE], level=TRACE)

You should see all http exchange from keycloak server with the FC+ server in server.log file (not in console)

[remigauthierdocaposte]

I will try to use my key to get the ID Token information from the returned JWT.
I you need more info to do tests on your side, so not hesitate to send me a mail.

[micedre]

Thank you for all that, we will try on our side

[micedre]

I finally had some way to test the service, could you try the extension here : https://minio.lab.sspcloud.fr/projet-keycloak-franceconnect/keycloak-franceconnect-2.4-SNAPSHOT.jar

It works for me.

It still needs a lot of code cleaning.

[remigauthierdocaposte]

Ok thanks for the share, I ll sure try it ASAP and let you know the results of our tests.

[remigauthierdocaposte]

Good news it is working fine!! I ll have a look at your code to check the details of your implementation. Excellent work. Thanks again for the talk.