MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

Invalid client or Invalid client credentials #420

Closed adrianvintu closed 1 year ago

adrianvintu commented 1 year ago

I have used the authorizeAndExchangeCode to register a new user.

I then try to log in using authorizeAndExchangeCode with the created account; the browser appears briefly and disappears, and then I receive this message:

I/flutter (10915): PlatformException(authorize_and_exchange_code_failed, Failed to authorize: [error: unauthorized_client, description: Invalid client or Invalid client credentials], null, null)
I/flutter (10915): #0      StandardMethodCodec.decodeEnvelope
message_codecs.dart:653
I/flutter (10915): #1      MethodChannel._invokeMethod
platform_channel.dart:315
I/flutter (10915): <asynchronous suspension>
I/flutter (10915): #2      MethodChannelFlutterAppAuth.authorizeAndExchangeCode
method_channel_flutter_appauth.dart:37
I/flutter (10915): <asynchronous suspension>
I/flutter (10915): #3      _MyHomePageState._signInWithAutoCodeExchange
main.dart:130
I/flutter (10915): <asynchronous suspension>

It seems the browser has stored invalid credentials(?), but will not allow me to enter new ones.

Logout does not work because I have no token.

Is there an API call to clear the browser cookie?

Not even uninstalling and reinstalling the app works.

At this time I cannot use the app anymore at all, for logging in.

I have attached a video showcasing this issue: Invalid client or Invalid client credentials.zip

adrianvintu commented 1 year ago

When I force promptValues: ['login'] then I get the same error. See attached video: Invalid client or Invalid client credentials 2.zip

adrianvintu commented 1 year ago

I found the issue - the Keycloak configuration.

The fix is to edit the client settings as follows:

https://your.domain/admin/master/console/#/yourrealm/clients/uuid/settings

  1. set Valid redirect URIs = * - for development only, do not use this in production
  2. set Valid post logout redirect URIs = * - for development only, do not use this in production
  3. set Implicit flow, Direct access grants ON
  4. set Client authentication OFF

https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/clients/client-oidc.html

https://stackoverflow.com/questions/41695223/keycloak-openid-connect-access-types

Sorry for the trouble, I will close the ticket.
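
Added example (not part of the thread or of flutter_appauth): a check over a Keycloak client export that flags the development-only settings from the fix above before they reach production. AppAuth's authorizeAndExchangeCode uses the authorization code flow with PKCE, so a public client with only the standard flow enabled is sufficient. The client id, app scheme and both sample exports are constructed; the field names follow Keycloak's client JSON.

```python
# Added example: audits a Keycloak client export (ClientRepresentation JSON).
# The client id and app scheme below are constructed placeholders.
DEV_CLIENT = {  # the development settings from the comment above
    "clientId": "my-flutter-app",
    "publicClient": True,            # Client authentication OFF
    "standardFlowEnabled": True,
    "implicitFlowEnabled": True,
    "directAccessGrantsEnabled": True,
    "redirectUris": ["*"],
    "attributes": {"post.logout.redirect.uris": "*"},
}
PROD_CLIENT = {  # same client narrowed to what the code flow needs
    "clientId": "my-flutter-app",
    "publicClient": True,
    "standardFlowEnabled": True,
    "implicitFlowEnabled": False,
    "directAccessGrantsEnabled": False,
    "redirectUris": ["com.example.app:/oauthredirect"],
    "attributes": {
        "post.logout.redirect.uris": "com.example.app:/",
        "pkce.code.challenge.method": "S256",
    },
}

def audit_client(client):
    """Return a list of findings for a native-app (AppAuth) client."""
    findings = []
    attrs = client.get("attributes") or {}
    # Keycloak stores several post-logout URIs in one string, "##"-separated.
    logout = [u for u in attrs.get("post.logout.redirect.uris", "").split("##") if u]
    for field, uris in (("redirectUris", client.get("redirectUris") or []),
                        ("post.logout.redirect.uris", logout)):
        findings += [f"{field}: wildcard {u!r}" for u in uris if "*" in u]
    if client.get("implicitFlowEnabled"):
        findings.append("implicitFlowEnabled: not used by the code flow")
    if client.get("directAccessGrantsEnabled"):
        findings.append("directAccessGrantsEnabled: password grant is open")
    if not client.get("standardFlowEnabled"):
        findings.append("standardFlowEnabled: code flow is off")
    if not client.get("publicClient"):
        findings.append("publicClient: app would need an embedded secret")
    if attrs.get("pkce.code.challenge.method") != "S256":
        findings.append("pkce.code.challenge.method: S256 not enforced")
    return findings

if __name__ == "__main__":
    for name, c in (("dev", DEV_CLIENT), ("prod", PROD_CLIENT)):
        print(name, audit_client(c) or "no findings")
```
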