p2-inc / keycloak-magic-link

Magic Link Authentication for Keycloak
https://phasetwo.io

Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm #64

Closed Martin-Andersen closed 8 months ago

Martin-Andersen commented 8 months ago

I have set up ML in a Docker container:

```dockerfile
ARG KEYCLOAK_VERSION=23.0.4

FROM quay.io/keycloak/keycloak:${KEYCLOAK_VERSION} AS builder

# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

# for demonstration purposes only, please make sure to use proper certificates in production instead
# RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
COPY ./keycloak-plugins/keycloak-magic-link-0.23.jar /opt/keycloak/providers/magiclink.jar
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
COPY --from=builder /opt/keycloak/ /opt/keycloak/

# change these values to point to a running oracle instance
ENV KC_DB=oracle
ENV KC_DB_URL=jdbc:oracle:thin:@someserver
ENV KC_DB_USERNAME=KEYCLOAK
ENV KC_DB_PASSWORD=somePassword
ENV KC_DB_SCHEMA=KEYCLOAK
ENV KC_HOSTNAME=localhost

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

# run from C:\Projects\external-idp
# docker build -f scripts/kc-image/Dockerfile . --tag kc:latest
# docker run -d -p 8088:8080 --name kc-custom kc:latest start-dev
```

Picture of login flow: (image)

Errors from log:

```
2024-01-12 13:39:48 Updating the configuration and installing your custom providers, if any. Please wait.
2024-01-12 13:39:50 2024-01-12 12:39:49,921 WARN [org.keycloak.services] (build-24) KC-SERVICES0047: magic-link (io.phasetwo.keycloak.magic.resources.MagicLinkResourceProviderFactory) is implementing the internal SPI realm-restapi-extension. This SPI is internal and may change without notice
2024-01-12 13:39:50 2024-01-12 12:39:50,015 WARN [org.keycloak.services] (build-24) KC-SERVICES0047: ext-magic-form (io.phasetwo.keycloak.magic.auth.MagicLinkAuthenticatorFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice
2024-01-12 13:39:50 2024-01-12 12:39:50,015 WARN [org.keycloak.services] (build-24) KC-SERVICES0047: ext-email-otp (io.phasetwo.keycloak.magic.auth.EmailOtpAuthenticatorFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice
2024-01-12 13:39:50 2024-01-12 12:39:50,180 WARN [org.keycloak.services] (build-24) KC-SERVICES0047: ext-magic-link (io.phasetwo.keycloak.magic.auth.token.MagicLinkActionTokenHandlerFactory) is implementing the internal SPI actionTokenHandler. This SPI is internal and may change without notice
2024-01-12 13:39:54 2024-01-12 12:39:54,512 INFO [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 5439ms
2024-01-12 13:39:56 2024-01-12 12:39:55,352 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: , Hostname: localhost, Strict HTTPS: false, Path: , Strict BackChannel: false, Admin URL: , Admin: , Port: -1, Proxied: false
2024-01-12 13:39:56 2024-01-12 12:39:56,278 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-01-12 13:39:56 2024-01-12 12:39:56,581 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2024-01-12 13:39:56 2024-01-12 12:39:56,606 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2024-01-12 13:39:56 2024-01-12 12:39:56,642 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-01-12 13:39:57 2024-01-12 12:39:57,510 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-01-12 13:39:57 2024-01-12 12:39:57,527 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_97155, Site name: null
2024-01-12 13:40:02 2024-01-12 12:40:02,811 INFO [io.quarkus] (main) Keycloak 23.0.4 on JVM (powered by Quarkus 3.2.9.Final) started in 8.243s. Listening on: http://0.0.0.0:8080
2024-01-12 13:40:02 2024-01-12 12:40:02,811 INFO [io.quarkus] (main) Profile dev activated.
2024-01-12 13:40:02 2024-01-12 12:40:02,811 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]
2024-01-12 13:40:02 2024-01-12 12:40:02,813 WARN [org.keycloak.quarkus.runtime.KeycloakMain] (main) Running the server in development mode. DO NOT use this configuration in production.
2024-01-12 13:42:30 2024-01-12 12:42:30,554 WARN [org.keycloak.events] (executor-thread-6) type=LOGIN_ERROR, realmId=17bdf217-47ca-4f37-985b-82cd81bccf3a, clientId=aspnetcoretest, userId=16954a2b-3064-4e17-87ce-09a763e30daf, ipAddress=172.17.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://localhost:5556/signin-oidc, code_id=1072bfef-e2f6-4424-aca1-0cc4aedbee01, username=martinherlovandersen@gmail.com
2024-01-12 13:43:09 2024-01-12 12:43:09,114 WARN [org.keycloak.services.managers.AuthenticationManager] (executor-thread-2) Some clients have been not been logged out for user martinherlovandersen@gmail.com in master realm: aspnetcoretest
2024-01-12 14:17:35 2024-01-12 13:17:35,214 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-23) Attempting MagicLinkAuthenticator for martinherlovandersen@gmail.com, aspnetcoretest, https://localhost:5556/signin-oidc
2024-01-12 14:17:35 2024-01-12 13:17:35,215 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-23) MagicLinkAuthenticator extra vars openid profile CfDJ8OH3kXTpwkZIn5AIdnE6E8w01cMJltnjli0g4_oduDloc2HdNMKbr-6B01Pae0tJWlwt_DA6puv03EbrmFElLCwCaI4SVwJ4laYHIaNIEjjMgpwTN_28gqxwsvZ6lMhmkDaZTOXWMtX37Aw9depJ0oV8gYULkhPgJaswaYA480pBjdFcwrmcF_L4ZU7R7_BG72rqTq-fKDPXjalXG6QnSjAvZJAkAcm8qH94Sud4ntVu_iHg7Jdr6QOjFbMUIbWYVx_TKul8nQ90J44dKmOLf9g9_caR6QDiOTQZrxcQgEVWsPy8J6DI3EzXT4DMK2xU6VPg9O-PyrCfYLjYPyfiIanJYRn747PyLaToYNdBBNynYFUnDosQcRluu-BDJ_BaIg 638406622489457010.ZDFjZWU0MTItYWEzNi00NWI4LWJlZTAtMWQ2YTMyZWMzOTFhYWNhMzk5NTYtYzFmZi00Mzg5LWE4MjctMWU1Y2Q1NjQxMzI0 true
2024-01-12 14:17:35 2024-01-12 13:17:35,216 WARN [org.keycloak.services] (executor-thread-23) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
2024-01-12 14:17:35 at io.phasetwo.keycloak.magic.MagicLink.linkFromActionToken(MagicLink.java:193)
2024-01-12 14:17:35 at io.phasetwo.keycloak.magic.auth.MagicLinkAuthenticator.action(MagicLinkAuthenticator.java:109)
2024-01-12 14:17:35 at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:154)
2024-01-12 14:17:35 at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:988)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:362)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:17:35 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:17:35 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:17:35 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:17:35 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:17:35 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:17:35 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:17:35 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:17:35 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:17:35 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:17:35 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:17:35
2024-01-12 14:17:35 2024-01-12 13:17:35,216 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-23) Uncaught server error: java.lang.IllegalStateException: Attempted to define event error without first setting the event type
2024-01-12 14:17:35 at org.keycloak.events.EventBuilder.error(EventBuilder.java:226)
2024-01-12 14:17:35 at org.keycloak.authentication.AuthenticationProcessor.handleBrowserException(AuthenticationProcessor.java:833)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:370)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:17:35 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:17:35 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:17:35 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:17:35 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:17:35 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:17:35 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:17:35 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:17:35 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:17:35 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:17:35 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:17:35 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:17:35
2024-01-12 14:18:03 2024-01-12 13:18:03,098 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-27) Attempting MagicLinkAuthenticator for martinherlovandersen@gmail.com, aspnetcoretest, https://localhost:5556/signin-oidc
2024-01-12 14:18:03 2024-01-12 13:18:03,099 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-27) MagicLinkAuthenticator extra vars openid profile CfDJ8OH3kXTpwkZIn5AIdnE6E8yv7MBKafT-oaDs59x1i3OoKV2kEbypWiuSreyNCVEWApLNfvmP88k43BOhonZjTgEgvdzfjeRxRqTz7XGmPuhoiqm8faWN1DOlGVE6z6G0q0yG5Jj5CBD7Y-4e41rFSd-nlMXwNJzgNR9BP-YbWU0l9WCLr2zXXbskxMY-fAp-6_9qY74zWDZv8--so5TtU8GcUCZIm1f8EkyR75Ih3X0ejvsnlJqrWlWieRqGrwhgd2WpXPAckjbElGlBo_XX3-byeKEokYYU-IAnoxgX5RrVNuq5BkPMEkuvdmpxiGDbYcBBR53KUp1cVaqfSBGWQHp4_PA1qvJpVHUTaQ_NtMh7mZ4Vt_rom4ZMf6ZEucYwBiPGTx42fwTKlXvtJJBIl3Q 638406622767577075.MGRmYjIzZWEtZDAzOC00MzM5LTk2NjMtYTkyMTQ2MDNmYTY5NDM4YTcwNDctZDM1Yi00NDAwLTg1N2EtZTBhODRmOTc5Mjlh false
2024-01-12 14:18:03 2024-01-12 13:18:03,099 WARN [org.keycloak.services] (executor-thread-27) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
2024-01-12 14:18:03 at io.phasetwo.keycloak.magic.MagicLink.linkFromActionToken(MagicLink.java:193)
2024-01-12 14:18:03 at io.phasetwo.keycloak.magic.auth.MagicLinkAuthenticator.action(MagicLinkAuthenticator.java:109)
2024-01-12 14:18:03 at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:154)
2024-01-12 14:18:03 at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:988)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:362)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:18:03 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:18:03 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:18:03 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:18:03 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:18:03 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:18:03 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:18:03 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:18:03 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:18:03 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:18:03 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:18:03
2024-01-12 14:18:03 2024-01-12 13:18:03,099 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-27) Uncaught server error: java.lang.IllegalStateException: Attempted to define event error without first setting the event type
2024-01-12 14:18:03 at org.keycloak.events.EventBuilder.error(EventBuilder.java:226)
2024-01-12 14:18:03 at org.keycloak.authentication.AuthenticationProcessor.handleBrowserException(AuthenticationProcessor.java:833)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:370)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:18:03 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:18:03 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:18:03 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:18:03 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:18:03 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:18:03 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:18:03 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:18:03 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:18:03 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:18:03 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:18:03 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:18:03
2024-01-12 14:32:18 2024-01-12 13:32:18,691 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-42) Attempting MagicLinkAuthenticator for martinherlovandersen@gmail.com, aspnetcoretest, https://localhost:5556/signin-oidc
2024-01-12 14:32:18 2024-01-12 13:32:18,692 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-42) MagicLinkAuthenticator extra vars openid profile CfDJ8OH3kXTpwkZIn5AIdnE6E8wVhsbNkGIZMcPXFC82sez0eJ6LnK3ceDfAyaC2o7vdKK22ocBnNZsKSniJ5uRDmMaRmjhoH-gYFfcoD3XIqM4GGMBXuXOwTdmUkXvBeo_c7LYb0jrQBGRLZhBlr7AVsUt79zoaUMxvgCjry7XVIZolm7LaNnxLBTVn37zNCjzoaWd_clc8n3qNepS4pdHV_84pci9WZAu6P8qpk1yNjUXYYguf--2Rt-Nn6X2VEdxC8iHhQ2FrrMtnspg3_nmLnFU_oeGEaN9hQCv7jlKttGSqERzHynqydDfldnbzSflfs8tN02lABnILnwCX8w6syYrkv6LIL9Vl6d1nmtWhspZPlTpnLP_Ey5cPIVh75b99DA 638406631319238928.YTg4NjhhZmMtODE3Zi00OWQ3LTljODktYjEzMTJlYzgwOTVkZmE0ZjA3ODctYWIzMS00OTEzLWIxMjUtYWRiMzFhN2UyNjk2 true
2024-01-12 14:32:18 2024-01-12 13:32:18,692 WARN [org.keycloak.services] (executor-thread-42) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
2024-01-12 14:32:18 at io.phasetwo.keycloak.magic.MagicLink.linkFromActionToken(MagicLink.java:193)
2024-01-12 14:32:18 at io.phasetwo.keycloak.magic.auth.MagicLinkAuthenticator.action(MagicLinkAuthenticator.java:109)
2024-01-12 14:32:18 at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:154)
2024-01-12 14:32:18 at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:988)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:362)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:32:18 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:32:18 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:32:18 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:32:18 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:32:18 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:32:18 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:32:18 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:32:18 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:32:18 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:32:18 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:32:18
2024-01-12 14:32:18 2024-01-12 13:32:18,692 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-42) Uncaught server error: java.lang.IllegalStateException: Attempted to define event error without first setting the event type
2024-01-12 14:32:18 at org.keycloak.events.EventBuilder.error(EventBuilder.java:226)
2024-01-12 14:32:18 at org.keycloak.authentication.AuthenticationProcessor.handleBrowserException(AuthenticationProcessor.java:833)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:370)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
2024-01-12 14:32:18 at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
2024-01-12 14:32:18 at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
2024-01-12 14:32:18 at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
2024-01-12 14:32:18 at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
2024-01-12 14:32:18 at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
2024-01-12 14:32:18 at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
2024-01-12 14:32:18 at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
2024-01-12 14:32:18 at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
2024-01-12 14:32:18 at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
2024-01-12 14:32:18 at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2024-01-12 14:32:18 at java.base/java.lang.Thread.run(Thread.java:840)
2024-01-12 14:32:18
```

What am I doing wrong?

xgp commented 8 months ago

Magic links are not allowed for the master realm. It was deemed too dangerous, given that you can make and distribute a token that will log you in to master with admin privileges. If you want to use this, try it in another realm.

Martin-Andersen commented 8 months ago

So you consider magic links as unsafe to use? Can users share the token, also do the not expire?

xgp commented 8 months ago

> So you consider magic links as unsafe to use?

No, that is an incorrect and overly broad generalization. I was very specific. Magic links are not allowed for the master realm. That is a design decision we made.

We consider magic links and this library safe to use, for most use cases. However, we decided not to allow them for the master realm because of the possible permissions that can be associated with the token.

If you would like to use this library for creating tokens to log into the master realm, fork this library, and remove this section https://github.com/p2-inc/keycloak-magic-link/blob/main/src/main/java/io/phasetwo/keycloak/magic/MagicLink.java#L191

> Can users share the token, also do the not expire?

Please try this sentence again. It doesn't make sense.
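
A log-side check for the refusal reported in this issue, added here as an example and not part of the thread or of the project's code: it pairs each `Attempting MagicLinkAuthenticator` line with a `KC-SERVICES0013` "Magic links not allowed for master realm" warning on the same executor thread, so refused master-realm attempts can be listed per user and client. The sample lines are constructed in the format of the reported log, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in this issue (placeholder users,
# clients and redirect URIs). The first line carries the extra container
# timestamp that the reported lines have in front of Keycloak's own.
SAMPLE_LOG = """\
2024-01-12 14:17:35 2024-01-12 13:17:35,214 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-23) Attempting MagicLinkAuthenticator for admin@example.test, demo-client, https://app.example.test/signin-oidc
2024-01-12 13:17:35,215 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-23) MagicLinkAuthenticator extra vars openid profile STATE NONCE true
2024-01-12 13:17:35,216 WARN [org.keycloak.services] (executor-thread-23) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
\tat io.phasetwo.keycloak.magic.MagicLink.linkFromActionToken(MagicLink.java:193)
2024-01-12 13:18:03,098 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-27) Attempting MagicLinkAuthenticator for admin@example.test, demo-client, https://app.example.test/signin-oidc
2024-01-12 13:18:03,099 WARN [org.keycloak.services] (executor-thread-27) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
2024-01-12 13:20:00,000 INFO [io.phasetwo.keycloak.magic.MagicLink] (executor-thread-5) Attempting MagicLinkAuthenticator for user@example.test, shop, https://shop.example.test/cb
2024-01-12 13:21:00,000 WARN [org.keycloak.services] (executor-thread-9) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Magic links not allowed for master realm
"""

# One Keycloak log entry: timestamp, level, [logger], (thread), message.
ENTRY = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(?P<level>[A-Z]+) +"
    r"\[(?P<logger>[^\]]+)\] +\((?P<thread>[^)]+)\) +(?P<msg>.*)"
)
ATTEMPT = re.compile(
    r"Attempting MagicLinkAuthenticator for "
    r"(?P<user>[^,]+), (?P<client>[^,]+), (?P<redirect>\S+)"
)
REFUSAL = "Magic links not allowed for master realm"
MAGIC_LOGGER = "io.phasetwo.keycloak.magic.MagicLink"


def master_realm_refusals(log_text):
    """Return one record per refused master-realm magic link attempt."""
    pending = {}   # executor thread -> fields of its most recent attempt line
    refusals = []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)   # search() skips a leading container timestamp
        if entry is None:
            continue                 # stack frames and blank lines
        thread, msg = entry["thread"], entry["msg"]
        attempt = ATTEMPT.search(msg) if entry["logger"] == MAGIC_LOGGER else None
        if attempt:
            pending[thread] = attempt.groupdict()
        elif "KC-SERVICES0013" in msg and REFUSAL in msg:
            # A refusal with no attempt line on its thread is still reported.
            who = pending.pop(thread, {"user": None, "client": None, "redirect": None})
            refusals.append({"time": entry["ts"], "thread": thread, **who})
    return refusals


def refusals_by_user_and_client(refusals):
    """Count refusals per (user, client) pair."""
    return Counter((r["user"], r["client"]) for r in refusals)


if __name__ == "__main__":
    found = master_realm_refusals(SAMPLE_LOG)
    for record in found:
        print(record)
    print(refusals_by_user_and_client(found))
```
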