Hello. I'm attempting to access the Token endpoint, following the required steps, corresponding to the OIDC Authorization code flow:
1. GET request to the desired page.
2. GET request to the /auth/realms/____/protocol/openid-connect/auth endpoint. From the response body I extract session_code, execution and tab_id.
3. A second GET request to the /auth/realms/____/protocol/openid-connect/auth endpoint. As parameters I provide the values for response_type, client_id and code_challenge_method, and from the generated URL I extract the values for state, code_challenge and nonce.
4. POST request to the authentication endpoint, using the generated variables:
   /auth/realms/____/login-actions/authenticate?session_code=${session_code}&execution=${execution}&client_id=__&tab_id=${tabid}
   and in body data I provide the required username and password.
5. I extract the code from the Response headers of the previous request.
6. Send a POST request to the Token endpoint, using the code + a code verifier, generated using the code challenge + the hash method.
Expected result: Access token is displayed in response
Actual result: An error message {"error":"invalid_grant","error_description":"User session not found"} is displayed
The same flow is working successfully in Postman. I can't seem to figure out the reason behind it. Any help would be highly appreciated.
JMeter Version: 8.6.2
Java Version: 1.8.0_391
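
For reference, the relationship RFC 7636 (PKCE, S256 method) defines between the code_verifier and code_challenge used in the flow above, as an added example that is not part of the original post. The client ID, redirect URI and function names are constructed placeholders, and the sketch does not diagnose the error reported above.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed placeholder values, not taken from the post.
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example/callback"

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """The client creates the verifier first: 32 random bytes -> 43 chars."""
    return b64url(secrets.token_bytes(32))

def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))); one-way."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())

def auth_query(code_verifier: str, state: str) -> str:
    """Authorization request parameters: only the challenge leaves the client."""
    return urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    })

def token_form(code: str, code_verifier: str) -> dict:
    """Token request body: the same verifier that produced the challenge."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": code_verifier,
    }

def server_accepts(code_verifier: str, stored_challenge: str) -> bool:
    """Token-endpoint check: re-hash the verifier, compare in constant time."""
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)
```

The verifier has to be kept by the client between the authorization request and the token request, because the SHA-256 step cannot be reversed to recover it from the challenge.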