Open nichogenius opened 1 year ago
I have the same problem on my owncloud. Did you finally solve it?
I also got this error. I'm trying to integrate OwnCloud 10.14.0 with KeyCloak, and even with the basic configuration copied from the documentation it does not work correctly. In the KeyCloak admin dashboard I can see that a session has been created, but OwnCloud returns the error presented in the screenshot. @nichogenius have you solved your issue?
I have 2 independent instances of OC with the same version. One of the instances sends code_verifier + client_id to the token endpoint; the second instance never sends code_verifier, which seems like a PKCE violation. I can't understand why they differ.
Please check your session cookie setup in config.php.
I have the following setup:
- KeyCloak as an OpenID Connect IDP on server A behind a reverse proxy on a publicly accessible FQDN
- OwnCloud with the OpenID Connect app installed on server B on a private network.
When I attempt to login to OwnCloud using KeyCloak, KeyCloak logs a successful login, but an error on the token request. OwnCloud reports the error message from KeyCloak "Error in OpenIdConnect:PKCE code verifier not specified" in the web UI. This only happens on the first attempt. If I attempt the login sequence again, KeyCloak authenticates without a password and the token request is approved. OwnCloud then works as normal.
KeyCloak's Event log shows the following sequence:

Attempt 1
1a. LOGIN (KeyCloak Password flow)
1b. CODE_TO_TOKEN_ERROR

Attempt 2
2a. LOGIN (Keycloak Cookie authentication flow)
2b. CODE_TO_TOKEN
If KeyCloak is to be believed, there may be a code path in the OpenID Connect app where the code_verifier parameter isn't being included in the token request.
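For reference, an added example (not code from ownCloud, the OpenID Connect app, or KeyCloak) that models the RFC 7636 S256 check behind the error quoted above. `ToyIdP`, `ToyClient` and the session ids are constructed, and the lost-session path is an assumed cause chosen for illustration, not a confirmed diagnosis of this report.

```python
import base64, hashlib, secrets

def s256(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class ToyIdP:
    """Constructed stand-in for the authorization server's PKCE check."""
    def __init__(self):
        self.challenges = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self.challenges[code] = code_challenge
        return code

    def token(self, params: dict) -> str:
        challenge = self.challenges.pop(params["code"], None)  # single-use code
        if challenge is None:
            return "invalid_grant: unknown code"
        verifier = params.get("code_verifier")
        if verifier is None:
            return "PKCE code verifier not specified"  # message from the post
        if not secrets.compare_digest(s256(verifier), challenge):
            return "invalid_grant: PKCE verification failed"
        return "ok"

class ToyClient:
    """Relying party that keeps the verifier in server-side session state."""
    def __init__(self):
        self.sessions = {}  # session id -> {"code_verifier": ...}

    def start_login(self, session_id: str) -> str:
        verifier = secrets.token_urlsafe(48)  # 64 chars, within the 43-128 limit
        self.sessions.setdefault(session_id, {})["code_verifier"] = verifier
        return s256(verifier)  # sent as code_challenge, method S256

    def token_request(self, session_id: str, code: str) -> dict:
        params = {"grant_type": "authorization_code", "code": code}
        verifier = self.sessions.get(session_id, {}).get("code_verifier")
        if verifier is not None:  # assumed bug path: lost session, param omitted
            params["code_verifier"] = verifier
        return params

def run_flow(callback_session: str) -> str:
    """Login starts in sess-A; the callback arrives in callback_session."""
    idp, client = ToyIdP(), ToyClient()
    code = idp.authorize(client.start_login("sess-A"))
    return idp.token(client.token_request(callback_session, code))
```

When triaging a report like this, comparing the session cookie sent with the authorization redirect against the one sent with the callback shows whether the client could have looked up the stored verifier at all.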