owncloud / openidconnect

OpenId Connect (OIDC) Integration for ownCloud
GNU General Public License v2.0

Login Succeeds, but Requesting Token causes "Error in OpenIdConnect:PKCE code verifier not specified" #284

Open nichogenius opened 1 year ago

nichogenius commented 1 year ago

I have the following setup:

- KeyCloak as an OpenID Connect IDP on server A behind a reverse proxy on a publicly accessible FQDN
- OwnCloud with the OpenID Connect app installed on server B on a private network.

When I attempt to log in to OwnCloud using KeyCloak, KeyCloak logs a successful login, but an error on the token request. OwnCloud reports the error message from KeyCloak "Error in OpenIdConnect:PKCE code verifier not specified" in the web UI. This only happens on the first attempt. If I attempt the login sequence again, KeyCloak authenticates without a password and the token request is approved. OwnCloud then works as normal.

KeyCloak's Event log shows the following sequence:

Attempt 1
1a. LOGIN (KeyCloak Password flow)
1b. CODE_TO_TOKEN_ERROR

Attempt 2
2a. LOGIN (Keycloak Cookie authentication flow)
2b. CODE_TO_TOKEN

If KeyCloak is to be believed, there may be a code path in the OpenID Connect app where the code_verifier parameter isn't being included in the token request.

VOLCANO0203 commented 7 months ago

I have the same problem on my owncloud. Did you finally solve it?

mardrof commented 4 months ago

I also got this error. I'm trying to integrate OwnCloud 10.14.0 with KeyCloak, and even with the basic configuration copied from the documentation it does not work correctly. In the KeyCloak admin dashboard I can see that a session has been created, but OwnCloud returns the error shown in the screenshot. @nichogenius have you solved your issue?

Chebura commented 2 months ago

I have 2 independent instances of OC with the same version. One of the instances sends code_verifier + client_id to the token endpoint; the second instance never sends code_verifier, which seems like a PKCE violation. I can't understand why they differ.

DeepDiver1975 commented 1 month ago

Please check your session cookie setup in config.php.
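Added example, not part of the thread and not code from the ownCloud app or KeyCloak: a model of the PKCE (RFC 7636, S256) exchange showing how a token request ends up without `code_verifier` when the callback arrives under a different session than the one that started the login. `ToyIdP`, `ToyClient` and the session ids are hypothetical, and storing the verifier in per-session state is an assumption of the model.

```python
import base64, hashlib, hmac, secrets

def s256(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class ToyIdP:
    """Constructed stand-in for a token endpoint that enforces PKCE."""
    def __init__(self):
        self.codes = {}  # authorization code -> code_challenge bound to it
    def authorize(self, code_challenge):
        code = secrets.token_urlsafe(16)
        self.codes[code] = code_challenge
        return code
    def token(self, params):
        challenge = self.codes.pop(params.get("code"), None)  # codes are one-time
        if challenge is None:
            return {"error": "invalid_grant"}
        verifier = params.get("code_verifier")
        if not verifier:  # the error text quoted in this issue
            return {"error": "invalid_grant",
                    "error_description": "PKCE code verifier not specified"}
        if not hmac.compare_digest(s256(verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(16)}

class ToyClient:
    """Hypothetical relying party; the verifier lives in per-session state."""
    def __init__(self, idp):
        self.idp, self.sessions = idp, {}  # session id -> session data
    def start_login(self, session_id):
        verifier = secrets.token_urlsafe(48)  # 64 chars, allowed range is 43..128
        self.sessions.setdefault(session_id, {})["code_verifier"] = verifier
        return self.idp.authorize(s256(verifier))
    def callback(self, session_id, code):
        params = {"grant_type": "authorization_code", "code": code}
        verifier = self.sessions.get(session_id, {}).pop("code_verifier", None)
        if verifier is not None:  # a new/empty session has nothing to send
            params["code_verifier"] = verifier
        return self.idp.token(params)

def demo():
    client = ToyClient(ToyIdP())
    same = client.callback("sess-A", client.start_login("sess-A"))
    # Constructed failure: callback arrives under a different session id
    lost = client.callback("sess-B", client.start_login("sess-A"))
    return same, lost
```

Comparing the session cookie the browser sends on the authorization redirect with the one it sends on the callback shows whether a deployment matches the second case.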