mariovalney / laravel-keycloak-web-guard

Simple Keycloak Guard to Laravel Web Routes - https://packagist.org/packages/vizir/laravel-keycloak-web-guard

Error on auth: PKCE code verifier not specified #31

Closed vasilyevmichail closed 4 years ago

vasilyevmichail commented 4 years ago

ERR_TOO_MANY_REDIRECTS error after successful authorisation.

keycloak.login (redirect to KeyCloak-server url)

Authorisation process. Successful.

keycloak.callback -> keycloak.login (redirect to KeyCloak-server url) -> keycloak.callback -> keycloak.login (redirect to KeyCloak-server url) -> keycloak.callback -> keycloak.login (redirect to KeyCloak url) -> ... ... keycloak.callback -> Invalid state

Site has forwarded too many times.

vasilyevmichail commented 4 years ago

```php
public function callback(Request $request)
{
    // ... ...
    $token = KeycloakWeb::getAccessToken($code);
    if (Auth::validate($token)) {
        // >>> I can't get here <<<
    }

    // ...
    // and redirect to keyCloak server again & again
    return redirect(route('keycloak.login'));
}
```

mariovalney commented 4 years ago

Hi! How are you?

Did you check this item of FAQ? https://github.com/Vizir/laravel-keycloak-web-guard#im-having-problems-with-session-stuck-on-login-loop

vasilyevmichail commented 4 years ago

Hi!

> Did you check this item of FAQ?

After changes in App\Http\Middleware\EncryptCookies.php

I see it in any page of the site:

Illuminate\Contracts\Container\BindingResolutionException Target class [App\Http\Middleware\EncrypterContract] does not exist.

mariovalney commented 4 years ago

Add the USE at the beginning of the class:

use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;

Like here.

vasilyevmichail commented 4 years ago

I added.

But ERR_TOO_MANY_REDIRECTS still.

vasilyevmichail commented 4 years ago

$token = KeycloakWeb::getAccessToken($code);

===

$code = 0af9bf29-8fda-46c7-8cb1-4324d11660d6.e140575a-e74b-4df2-a523-832b0919dec9.d61e6b86-14db-47cf-ab0a-e1a9784a132f

$token=Array()

vasilyevmichail commented 4 years ago
        [message:protected] => Client error: `POST https://.....myKeyCloakURLHere...................:8443/auth/realms/sso/protocol/openid-connect/token` resulted in a `400 Bad Request` response:

{"error":"invalid_grant","error_description":"PKCE code verifier not specified"}

mariovalney commented 4 years ago

Hi. By now we do not support PKCE.

Please, go to "Advanced Settings" on your client settings and make sure "Proof Key for Code Exchange Code Challenge Method" is empty.
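
Why the token request in this thread was rejected, as an added example that is not part of the original thread or of the package's code: once a code challenge method is set on the client, the token request must carry the RFC 7636 `code_verifier` that matches the `code_challenge` sent on the authorization request. The function names, client id and code value are constructed for illustration, and `pkce_check` only models the server-side S256 check.

```php
<?php
// Added illustration; function names and sample values are hypothetical.

function base64url(string $bytes): string
{
    // RFC 7636 uses URL-safe base64 without '=' padding.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Client side, before redirecting to the login page.
function pkce_pair(): array
{
    $verifier = base64url(random_bytes(32)); // 43 characters, kept in the session
    return ['verifier' => $verifier, 'challenge' => base64url(hash('sha256', $verifier, true))];
}

// Model of the server-side S256 check at the token endpoint; null means accepted.
function pkce_check(?string $verifier, string $storedChallenge): ?string
{
    if ($verifier === null || $verifier === '') {
        return 'PKCE code verifier not specified'; // the error text seen in this thread
    }
    if (!preg_match('/^[A-Za-z0-9\-._~]{43,128}$/', $verifier)) {
        return 'malformed code verifier'; // constructed message
    }
    $expected = base64url(hash('sha256', $verifier, true));
    return hash_equals($storedChallenge, $expected) ? null : 'code verifier mismatch'; // constructed message
}

$pair = pkce_pair();

// Authorization request: only the challenge travels through the browser.
$authQuery = http_build_query([
    'response_type' => 'code',
    'client_id' => 'example-client', // constructed value
    'code_challenge' => $pair['challenge'],
    'code_challenge_method' => 'S256',
]);
echo "authorization query: $authQuery\n";

// Token request bodies: a client without PKCE support omits code_verifier.
$withoutPkce = ['grant_type' => 'authorization_code', 'code' => 'constructed-code'];
$withPkce = $withoutPkce + ['code_verifier' => $pair['verifier']];

foreach (['without PKCE' => $withoutPkce, 'with PKCE' => $withPkce] as $label => $form) {
    $error = pkce_check($form['code_verifier'] ?? null, $pair['challenge']);
    echo $label . ': ' . ($error === null ? 'token issued' : "invalid_grant ($error)") . "\n";
}
```

The verifier has to survive in the session between the login redirect and the callback, so the session problems covered by the FAQ item linked earlier in the thread would also break a PKCE-enabled flow.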

AnisDerbel commented 2 years ago

Is PKCE supported now?