Closed giannischou closed 3 years ago
Here's an example config for the demo app against Keycloak
{
"client_id": "myappid",
"redirect_uri": "myappid://auth",
"end_session_redirect_uri":"myappid://auth",
"authorization_scope": "openid email profile",
"discovery_uri": "https://mydomain/realms/myrealm/.well-known/openid-configuration",
"authorization_endpoint_uri": "",
"token_endpoint_uri": "",
"registration_endpoint_uri": "",
"user_info_endpoint_uri": "",
"https_required": true
}
Note: /realms/myrealm
in the dicovery_uri
assuming the Keycloak instance is hosted at https://mydomain/
.
The default realm is master
.
This also assumes you have created a client with ID myappid
and myappid://auth
as a Valid Redirect URIs
Here's an example config for the demo app against Keycloak
{ "client_id": "myappid", "redirect_uri": "myappid://auth", "end_session_redirect_uri":"myappid://auth", "authorization_scope": "openid email profile", "discovery_uri": "https://mydomain/realms/myrealm/.well-known/openid-configuration", "authorization_endpoint_uri": "", "token_endpoint_uri": "", "registration_endpoint_uri": "", "user_info_endpoint_uri": "", "https_required": true }
Note:
/realms/myrealm
in thedicovery_uri
assuming the Keycloak instance is hosted athttps://mydomain/
. The default realm ismaster
. This also assumes you have created a client with IDmyappid
andmyappid://auth
as aValid Redirect URIs
Thank you for your response.
Still getting the same errors, as I mentioned above.. I think an example of a keycloak realm and client setup (which are used in the auth_config.json) would be very helpfull, if it was not much of a trouble for you. Also, I would like to mention that mydomain is the localhost or the IP of the machine I use. Is that a problem and how I should deal with it.
Thank you once again!
I now realise you're the same person in #692 Given the two issues I'm no longer sure what problem you're encountering exactly.
As for an example client setup as explained in #692 you just do 3 steps, go to Keyloack config, in the clients section, create a new one, name it and add your redirect URI, that's it.
No conclusion for this matter I presume ?
I'm trying to authenticate using the sample app against LemonLDAP (configured as OP), which is protecting an Apache Httpd resource with the mod_auth_oidc module. "Authorization Code Exchange failed null" appears though. Still added the setSkipIssuerHttpsCheck(True) in LoginActivity at the createAuthorizationService() function.
Accessing the resource after redirection is working on computer-based browser though.
I tried authenticating against LemonLDAP OP sample online ([https://oidctest.wsweet.org]) and it's working good.
Something's might be wrong with the OP I configured.
But since this thread had the same problem, I wondered if it was resolved in any way ??
Hi again,
Seems that having SSL activated on OpenID Connect Provider side did the trick.
@Elderic glad to hear you got this resolved.
Closing this issue as there hasn't been any further replies from the OP in some time. Feel free to open a new issue and reference this if you think it's related.
I have the same problem with keycloak 15.0.2, I resolved it by allowing HTTP Connection
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
.setSkipIssuerHttpsCheck(true)
.build()
Credit: #657
Configuration
Description
Hello there,
I am running Keycloak Server on HTTPS/SSL in order to get the AppAuth Demo running. I am confronting two problems.
(1) if I fill the discovery_uri (in the auth_config.json), I get the message from the demo's ui "Network error when retrieving discovery document" and naturally nothing happens.
(2) if I fill all the other uris except the discovery_uri (in the auth_config.json), the demo is running and asking me the needed information. Then I get the message from the demo's ui "Authorization Code Exchange failed null" and the button "Reauathorize" appears.
Can anyone help me with this one? Thanks in advance!