playa-ru / keycloak-russian-providers

Popular Russian mail (Yandex, Mail.ru) and social network (VK, OK) identity providers for the Keycloak Identity and Access Management server.
Apache License 2.0

Unexpected error when authenticating with the identity provider. VK ID #41

Closed PrimechaevRuslan closed 1 month ago

PrimechaevRuslan commented 2 months ago

Keycloak version: 24.0.1
Identity provider: VK
I click "Login" -> I land on the login page -> In the "or sign with" field I click VK ID -> I am taken to the VK authorization page -> I click "Continue as {User name}" -> I am taken back to Keycloak with the error that is attached.
The trusted redirect URL is filled in identically on the VK side and in Keycloak. client_id and client_secret are filled in in Keycloak without errors. Could you tell me whether there are any other nuances? I can't figure it out at all.

Screenshot_20240821_082825

Docker logs:
2024-08-21 05:25:50,866 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-14) SimpleHttp org.keycloak.broker.provider.util.SimpleHttp@3ee1e45b
2024-08-21 05:25:51,146 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-14) GetFederatedIdentity {"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.199"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":"----****"},{"key":"token","value":"[MASKED_TOKEN]"}]}}
{"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.199"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":"----****"},{"key":"token","value":"[MASKED_TOKEN]"}]}}
2024-08-21 05:25:51,147 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-14) Failed to make identity provider oauth callback: java.lang.NullPointerException: Cannot invoke "com.fasterxml.jackson.databind.JsonNode.asText()" because the return value of "com.fasterxml.jackson.databind.JsonNode.get(String)" is null
    at ru.playa.keycloak.modules.JsonUtils.asText(JsonUtils.java:36)
    at ru.playa.keycloak.modules.AbstractVKOAuth2IdentityProvider.getFederatedIdentity(AbstractVKOAuth2IdentityProvider.java:137)
    at ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider$AbstractRussianEndpoint.authResponse(AbstractRussianOAuth2IdentityProvider.java:139)
    at ru.playa.keycloak.modules.vkid.VKIDIdentityProvider$VkEndpoint.authResponse(VKIDIdentityProvider.java:121)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_fef2d69ce31937f365a37fb3083f9247bc4c56d2.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)

Console logs:
requests.js:2 GET https://[KEYCLOAK_URL]/auth/realms/[MASKED_REALM]/broker/vkid/endpoint?payload=[MASKED_PAYLOAD] 502 (Bad Gateway)
value @ requests.js:2
(anonymous) @ requests.js:2
Promise.then
value @ requests.js:2
value @ requests.js:2
o @ requests.js:2
value @ requests.js:2
(anonymous) @ requests.js:2
(anonymous) @ requests.js:2

onotoliy commented 2 months ago

Hello, and which version of the provider is it?

PrimechaevRuslan commented 2 months ago

I manually set 5.199 as the latest API version.

On Wed, 21 Aug 2024 at 08:51, Anatoliy Pokhresnyi @.***> wrote:

Hello, and which version of the provider is it?


onotoliy commented 2 months ago

5.199 is the VK API version, taken from here - https://dev.vk.com/ru/reference/versions
What I need is the version of the keycloak-russian-providers provider that you are using.

PrimechaevRuslan commented 2 months ago

keycloak:
  image: "playaru/keycloak-russian:24.0.1"

PrimechaevRuslan commented 2 months ago

We pulled the Docker image from your Git repository, which already had the providers in it.

onotoliy commented 2 months ago

Try this image: playaru/keycloak-russian:24.0.1.2

PrimechaevRuslan commented 2 months ago

Everything is the same.

PrimechaevRuslan commented 2 months ago

There is something new in the logs:
    at ru.playa.keycloak.modules.AbstractVKOAuth2IdentityProvider.getFederatedIdentity(AbstractVKOAuth2IdentityProvider.java:144)
    at ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider$AbstractRussianEndpoint.authResponse(AbstractRussianOAuth2IdentityProvider.java:139)
    at ru.playa.keycloak.modules.vkid.VKIDIdentityProvider$VkEndpoint.authResponse(VKIDIdentityProvider.java:121)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_fef2d69ce31937f365a37fb3083f9247bc4c56d2.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)

onotoliy commented 2 months ago

I need the full logs.

PrimechaevRuslan commented 2 months ago

Like this?

2024-08-21 07:31:19,312 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-3) SimpleHttp org.keycloak.broker.provider.util.SimpleHttp@
2024-08-21 07:31:19,809 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-3) GetFederatedIdentity {"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.131"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":""},{"key":"token","value":""}]}}
2024-08-21 07:31:19,811 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-3) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access token available in OAuth server response: {"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.131"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":""},{"key":"token","value":"***"}]}}
    at ru.playa.keycloak.modules.AbstractVKOAuth2IdentityProvider.getFederatedIdentity(AbstractVKOAuth2IdentityProvider.java:144)
    at ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider$AbstractRussianEndpoint.authResponse(AbstractRussianOAuth2IdentityProvider.java:139)
    at ru.playa.keycloak.modules.vkid.VKIDIdentityProvider$VkEndpoint.authResponse(VKIDIdentityProvider.java:121)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_fef2d69ce31937f365a37fb3083f9247bc4c56d2.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)

2024-08-21 07:31:19,814 WARN [org.keycloak.events] (executor-thread-3) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="", clientId="", userId="null", ipAddress="...", error="identity_provider_login_failure", code_id="***"

PrimechaevRuslan commented 2 months ago

Tell me, is there maybe something else I should show you?

PrimechaevRuslan commented 2 months ago

Could you take a look at the realm/client/provider settings? Maybe something is wrong with my configuration.

PrimechaevRuslan commented 2 months ago

I tried to fix it a bit, new logs:
2024-08-22 09:45:41,175 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-13) SimpleHttp org.keycloak.broker.provider.util.SimpleHttp@****
2024-08-22 09:45:41,445 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-13) GetFederatedIdentity {"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.199"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":"****----****"},{"key":"token","value":"*"}]}}
2024-08-22 09:45:41,445 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-13) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access token available in OAuth server response: {"error":{"error_code":5,"error_msg":"User authorization failed: invalid access_token (4).","request_params":[{"key":"v","value":"5.199"},{"key":"method","value":"auth.exchangeSilentAuthToken"},{"key":"oauth","value":"1"},{"key":"uuid","value":"****----****"},{"key":"token","value":"*"}]}}
    at ru.playa.keycloak.modules.AbstractVKOAuth2IdentityProvider.getFederatedIdentity(AbstractVKOAuth2IdentityProvider.java:144)
    at ru.playa.keycloak.modules.AbstractRussianOAuth2IdentityProvider$AbstractRussianEndpoint.authResponse(AbstractRussianOAuth2IdentityProvider.java:139)
    at ru.playa.keycloak.modules.vkid.VKIDIdentityProvider$VkEndpoint.authResponse(VKIDIdentityProvider.java:121)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_****.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)

2024-08-22 09:45:41,445 WARN [org.keycloak.events] (executor-thread-13) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="****----****", clientId="**", userId="null", ipAddress="**...", error="identity_provider_login_failure", code_id="****----****"
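
The GetFederatedIdentity lines posted above carry VK's error envelope together with the echoed request_params, including uuid and token. As an added example (not part of the thread and not keycloak-russian-providers code), this Python helper pulls the envelope out of such a line, summarises the fields useful for triage, and masks the sensitive values before the line is shared. The function names and the sample line are constructed, and the regex assumes the compact JSON form seen in these logs.

```python
import json
import re

# Keys in VK's echoed request_params that must not leave the host.
SENSITIVE_KEYS = ("token", "uuid")
MARKER = "GetFederatedIdentity "
# Assumes the compact JSON form seen in the thread's logs (no spaces).
_MASK_RE = re.compile(r'(\{"key":"(?:%s)","value":")[^"]*"' % "|".join(SENSITIVE_KEYS))

# Constructed sample in the same shape as the log lines in the thread.
SAMPLE = (
    "2024-08-21 05:25:51,146 INFO [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] "
    '(executor-thread-14) GetFederatedIdentity {"error":{"error_code":5,"error_msg":'
    '"User authorization failed: invalid access_token (4).","request_params":['
    '{"key":"v","value":"5.199"},{"key":"method","value":"auth.exchangeSilentAuthToken"},'
    '{"key":"oauth","value":"1"},{"key":"uuid","value":"constructed-uuid"},'
    '{"key":"token","value":"constructed-token"}]}} trailing text'
)


def extract_vk_error(log_line):
    """Return the first VK error envelope logged after MARKER, or None."""
    start = log_line.find(MARKER)
    brace = log_line.find("{", start) if start != -1 else -1
    if brace == -1:
        return None
    try:
        # raw_decode stops after the first JSON value; trailing text is ignored.
        body, _ = json.JSONDecoder().raw_decode(log_line[brace:])
    except json.JSONDecodeError:
        return None
    return body.get("error") if isinstance(body, dict) else None


def summarize(error):
    """Keep only the fields that are safe and useful in a bug report."""
    params = {p["key"]: p["value"] for p in error.get("request_params", [])}
    return {
        "error_code": error.get("error_code"),
        "error_msg": error.get("error_msg"),
        "method": params.get("method"),
        "api_version": params.get("v"),
        "masked": sorted(k for k in params if k in SENSITIVE_KEYS),
    }


def redact_line(log_line):
    """Mask token and uuid values everywhere they appear in the line."""
    return _MASK_RE.sub(r'\1[REDACTED]"', log_line)
```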

lipunis commented 2 months ago

2024-08-22 14:12:07,429 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-18) Failed to make identity provider oauth callback illegal argument exception: java.lang.IllegalArgumentException: Ваш аккаунт не подходит для авторизации через социальную сеть (Yandex) с почтой (yandex.ru).
Looks similar too. Any ideas?

PrimechaevRuslan commented 2 months ago

Please give some kind of feedback. Should I expect an answer from you?

onotoliy commented 1 month ago

Try setting up authorization through VK rather than VKID. Most likely you created an application that works over the OAuth 2.0 protocol.

onotoliy commented 1 month ago

Good afternoon. We fixed the error. Provider: https://repo1.maven.org/maven2/ru/playa/keycloak/keycloak-russian-providers/25.0.2.rsp-1/