Keycloak complains about invalid redirect_uri on token endpoint


【Title】: Keycloak complains about invalid redirect_uri on token endpoint 【Posted】: 2019-06-06 08:53:51 【Question】:

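I am trying to migrate an existing Java application running on CloudFoundry to Keycloak, and am therefore using the Keycloak servlet filter. The first step is requesting the code. The second step, however, turning the code into a token, fails with "Incorrect redirect_uri". This is strange, because I can see the same URL as redirect_url in both requests to the Keycloak server.

Does anyone know the cause and a solution?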

2019-01-11T12:03:20.01+0100 [RTR/1] OUT APP_HOST - [2019-01-11T11:03:19.993+0000] "GET /keycloak/ HTTP/1.1" 302 0 0 "https://APP_HOST/keycloak/?state=f98ebe4e-1499-4513-8da3-1a95bd0ce894&session_state=9984091c-6eb7-4395-a335-27aff1334a5f&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..zEDr2g5BhXmaNr6vflO7eg.Lm6SpGasJYE-CJqkwiAmWz4sRHGUMgYHFjNr-ScWamsSL6vRSj_r-Gbsf75-FNxt4NMC6XTshNXoeqTA0SJOrQSnPMV1qLuJyAHWY-ajAiDkPvtsWT5nxHYbEUaJtDOAMbxhtfl3yQo_Uyl2gYegcJTgC7FchC8FSl5ovS7q3EZb8aXET0OP_-IApQo0xN4XB2BDuiuC_DY1ySlYkUYdKSrK4HsgSlkSHELBwyL0iw8CNs0nlnWHgJZBWtYDVoRk.QuT_ov_ZBlFhexBrZAYl_w" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0" "192.168.6.12:50100" "192.168.2.30:61006" x_forwarded_for:"10.209.173.45, 192.168.6.12" x_forwarded_proto:"https" vcap_request_id:"b18a1abd-233b-4140-5e8a-8ae1a16ca251" response_time:0.017485509 app_id:"27846aa1-34c0-46e0-9dce-c7a893d06dd6" app_index:"0" x_b3_traceid:"9399df2a769b38c6" x_b3_spanid:"9399df2a769b38c6" x_b3_parentspanid:"-"
2019-01-11T12:03:20.01+0100 [RTR/1] OUT 
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,004 [DEBUG] PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:75) [http-nio-8080-exec-1] adminRequest https://APP_HOST/keycloak/?
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,006 [DEBUG] PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:106) [http-nio-8080-exec-1] checkCorsPreflight https://APP_HOST/keycloak/?
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,006 [DEBUG] OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:266) [http-nio-8080-exec-1] there was no code
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,007 [DEBUG] OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:274) [http-nio-8080-exec-1] redirecting to auth server
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,007 [DEBUG] OAuthRequestAuthenticator.getRedirectUri(OAuthRequestAuthenticator.java:144) [http-nio-8080-exec-1] callback uri: https://APP_HOST/keycloak/?
2019-01-11T12:03:20.00+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:20,008 [DEBUG] OAuthRequestAuthenticator.challenge(OAuthRequestAuthenticator.java:227) [http-nio-8080-exec-1] Sending redirect to login page: https://KEYCLOAK_HOST/auth/realms/kums/protocol/openid-connect/auth?response_type=code&client_id=CLIENT_ID&redirect_uri=https%3A%2F%2FAPP_HOST%2Fkeycloak%2F?&state=5dc5b208-6093-4d1b-b9ed-c9d2091a306f&login=true&scope=openid
2019-01-11T12:03:21.79+0100 [RTR/0] OUT APP_HOST - [2019-01-11T11:03:21.692+0000] "GET /keycloak/?state=5dc5b208-6093-4d1b-b9ed-c9d2091a306f&session_state=9984091c-6eb7-4395-a335-27aff1334a5f&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..0-5C1AJAZrNXJwmZbt4I0Q.LET3bu8MVK6Uq58-j-yPC0WP_F01jskmm6WvyXqRRURlMiVIH9VV0fx6Cc3O4X0JFyTUiuESHUcfk2dyHOoL_z-IVVAAxTE-Eg2rphKjVT7OfWsoxuHZKFY9RkyEnr9Grwgd9WakmrGZBAin8yVX6YmfLC6O1KkrVwiJDrB3lP6VrlWRCMrlmBnjMlqwzFD_Bx3vqSmoKlWo9I9b5bvPgcFZY58EO2zARsBmLAjqtSZTdDB9dasohuPjXpDa9lOR.sO5oOhIQKC6NcHC3CIIuzA HTTP/1.1" 403 0 5878 "https://APP_HOST/keycloak/?state=f98ebe4e-1499-4513-8da3-1a95bd0ce894&session_state=9984091c-6eb7-4395-a335-27aff1334a5f&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..zEDr2g5BhXmaNr6vflO7eg.Lm6SpGasJYE-CJqkwiAmWz4sRHGUMgYHFjNr-ScWamsSL6vRSj_r-Gbsf75-FNxt4NMC6XTshNXoeqTA0SJOrQSnPMV1qLuJyAHWY-ajAiDkPvtsWT5nxHYbEUaJtDOAMbxhtfl3yQo_Uyl2gYegcJTgC7FchC8FSl5ovS7q3EZb8aXET0OP_-IApQo0xN4XB2BDuiuC_DY1ySlYkUYdKSrK4HsgSlkSHELBwyL0iw8CNs0nlnWHgJZBWtYDVoRk.QuT_ov_ZBlFhexBrZAYl_w" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0" "192.168.6.12:47988" "192.168.2.30:61006" x_forwarded_for:"10.209.173.45, 192.168.6.12" x_forwarded_proto:"https" vcap_request_id:"25f4b5df-a11e-4120-7ec8-2910671b4819" response_time:0.101218652 app_id:"27846aa1-34c0-46e0-9dce-c7a893d06dd6" app_index:"0" x_b3_traceid:"b743963318cc0d09" x_b3_spanid:"b743963318cc0d09" x_b3_parentspanid:"-"
2019-01-11T12:03:21.79+0100 [RTR/0] OUT 
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,702 [DEBUG] PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:75) [http-nio-8080-exec-2] adminRequest https://APP_HOST/keycloak/?code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..0-5C1AJAZrNXJwmZbt4I0Q.LET3bu8MVK6Uq58-j-yPC0WP_F01jskmm6WvyXqRRURlMiVIH9VV0fx6Cc3O4X0JFyTUiuESHUcfk2dyHOoL_z-IVVAAxTE-Eg2rphKjVT7OfWsoxuHZKFY9RkyEnr9Grwgd9WakmrGZBAin8yVX6YmfLC6O1KkrVwiJDrB3lP6VrlWRCMrlmBnjMlqwzFD_Bx3vqSmoKlWo9I9b5bvPgcFZY58EO2zARsBmLAjqtSZTdDB9dasohuPjXpDa9lOR.sO5oOhIQKC6NcHC3CIIuzA&state=5dc5b208-6093-4d1b-b9ed-c9d2091a306f&session_state=9984091c-6eb7-4395-a335-27aff1334a5f
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,703 [DEBUG] PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:106) [http-nio-8080-exec-2] checkCorsPreflight https://APP_HOST/keycloak/?code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..0-5C1AJAZrNXJwmZbt4I0Q.LET3bu8MVK6Uq58-j-yPC0WP_F01jskmm6WvyXqRRURlMiVIH9VV0fx6Cc3O4X0JFyTUiuESHUcfk2dyHOoL_z-IVVAAxTE-Eg2rphKjVT7OfWsoxuHZKFY9RkyEnr9Grwgd9WakmrGZBAin8yVX6YmfLC6O1KkrVwiJDrB3lP6VrlWRCMrlmBnjMlqwzFD_Bx3vqSmoKlWo9I9b5bvPgcFZY58EO2zARsBmLAjqtSZTdDB9dasohuPjXpDa9lOR.sO5oOhIQKC6NcHC3CIIuzA&state=5dc5b208-6093-4d1b-b9ed-c9d2091a306f&session_state=9984091c-6eb7-4395-a335-27aff1334a5f
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,767 [DEBUG] RequestAuthCache.process(RequestAuthCache.java:76) [http-nio-8080-exec-2] Auth cache not set in the context
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,703 [DEBUG] OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:279) [http-nio-8080-exec-2] there was a code, resolving
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,704 [DEBUG] OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:325) [http-nio-8080-exec-2] checking state cookie for after code
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,704 [DEBUG] OAuthRequestAuthenticator.checkStateCookie(OAuthRequestAuthenticator.java:244) [http-nio-8080-exec-2] ** reseting application state cookie
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,705 [DEBUG] ThreadSafeClientConnManager.getConnection(ThreadSafeClientConnManager.java:239) [http-nio-8080-exec-2] Get connection: s->https://KEYCLOAK_HOST:443, timeout = 0
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,706 [DEBUG] ConnPoolByRoute.getEntryBlocking(ConnPoolByRoute.java:347) [http-nio-8080-exec-2] [s->https://KEYCLOAK_HOST:443] total kept alive: 1, total issued: 0, total allocated: 1 out of 20
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,706 [DEBUG] ConnPoolByRoute.getFreeEntry(ConnPoolByRoute.java:496) [http-nio-8080-exec-2] Getting free connection [s->https://KEYCLOAK_HOST:443][null]
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,707 [DEBUG] DefaultHttpClient.execute(DefaultRequestDirector.java:433) [http-nio-8080-exec-2] Stale connection check
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,708 [DEBUG] DefaultHttpClient.execute(DefaultRequestDirector.java:435) [http-nio-8080-exec-2] Stale connection detected
2019-01-11T12:03:21.70+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,708 [DEBUG] DefaultClientConnection.close(DefaultClientConnection.java:182) [http-nio-8080-exec-2] Connection 0.0.0.0:47716<->11.217.32.122:443 closed
2019-01-11T12:03:21.71+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,709 [DEBUG] DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:176) [http-nio-8080-exec-2] Connecting to KEYCLOAK_HOST:443
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,767 [DEBUG] RequestAddCookies.process(RequestAddCookies.java:122) [http-nio-8080-exec-2] CookieSpec selected: compatibility
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,768 [DEBUG] RequestProxyAuthentication.process(RequestProxyAuthentication.java:88) [http-nio-8080-exec-2] Proxy auth state: UNCHALLENGED
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,768 [DEBUG] DefaultHttpClient.tryExecute(DefaultRequestDirector.java:684) [http-nio-8080-exec-2] Attempt 1 to execute request
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,768 [DEBUG] DefaultClientConnection.sendRequestHeader(DefaultClientConnection.java:276) [http-nio-8080-exec-2] Sending request: POST /auth/realms/kums/protocol/openid-connect/token HTTP/1.1
2019-01-11T12:03:21.76+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,769 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "POST /auth/realms/kums/protocol/openid-connect/token HTTP/1.1[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,769 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "Authorization: Basic ...[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,770 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "Content-Length: 577[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,770 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,770 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "Host: KEYCLOAK_HOST[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,771 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "Connection: Keep-Alive[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,771 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  >> "[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,771 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:280) [http-nio-8080-exec-2] >> POST /auth/realms/kums/protocol/openid-connect/token HTTP/1.1
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,772 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:283) [http-nio-8080-exec-2] >> Authorization: Basic ...
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,772 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:283) [http-nio-8080-exec-2] >> Content-Length: 577
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,772 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:283) [http-nio-8080-exec-2] >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,773 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:283) [http-nio-8080-exec-2] >> Host: KEYCLOAK_HOST
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,773 [DEBUG] headers.sendRequestHeader(DefaultClientConnection.java:283) [http-nio-8080-exec-2] >> Connection: Keep-Alive
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,774 [DEBUG] wire.wire(Wire.java:86) [http-nio-8080-exec-2]  >> "grant_type=authorization_code&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..0-5C1AJAZrNXJwmZbt4I0Q.LET3bu8MVK6Uq58-j-yPC0WP_F01jskmm6WvyXqRRURlMiVIH9VV0fx6Cc3O4X0JFyTUiuESHUcfk2dyHOoL_z-IVVAAxTE-Eg2rphKjVT7OfWsoxuHZKFY9RkyEnr9Grwgd9WakmrGZBAin8yVX6YmfLC6O1KkrVwiJDrB3lP6VrlWRCMrlmBnjMlqwzFD_Bx3vqSmoKlWo9I9b5bvPgcFZY58EO2zARsBmLAjqtSZTdDB9dasohuPjXpDa9lOR.sO5oOhIQKC6NcHC3CIIuzA&redirect_uri=https%3A%2F%2FAPP_HOST%2Fkeycloak%2F&client_session_state=FE94EAFFC87674ED70E0C1EC543CFBAE&client_session_host=dc36d0f9-10cf-4807-74e3-b2da"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,776 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "HTTP/1.1 400 Bad Request[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,776 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Connection: keep-alive[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,776 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Cache-Control: no-store[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,777 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Pragma: no-cache[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,777 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Content-Type: application/json[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,777 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Content-Length: 70[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,778 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "Date: Fri, 11 Jan 2019 11:03:21 GMT[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,778 [DEBUG] wire.wire(Wire.java:72) [http-nio-8080-exec-2]  << "[\r][\n]"
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,778 [DEBUG] DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:261) [http-nio-8080-exec-2] Receiving response: HTTP/1.1 400 Bad Request
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,779 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:264) [http-nio-8080-exec-2] << HTTP/1.1 400 Bad Request
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,779 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Connection: keep-alive
2019-01-11T12:03:21.77+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,779 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Cache-Control: no-store
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,780 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Pragma: no-cache
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,780 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Content-Type: application/json
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,780 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Content-Length: 70
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,780 [DEBUG] headers.receiveResponseHeader(DefaultClientConnection.java:267) [http-nio-8080-exec-2] << Date: Fri, 11 Jan 2019 11:03:21 GMT
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,781 [DEBUG] DefaultHttpClient.execute(DefaultRequestDirector.java:511) [http-nio-8080-exec-2] Connection can be kept alive indefinitely
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,781 [DEBUG] wire.wire(Wire.java:86) [http-nio-8080-exec-2]  << ""error":"invalid_grant","error_description":"Incorrect redirect_uri""
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,782 [DEBUG] ThreadSafeClientConnManager.releaseConnection(ThreadSafeClientConnManager.java:285) [http-nio-8080-exec-2] Released connection is reusable.
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,782 [DEBUG] ConnPoolByRoute.freeEntry(ConnPoolByRoute.java:431) [http-nio-8080-exec-2] Releasing connection [s->https://KEYCLOAK_HOST:443][null]
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,782 [DEBUG] ConnPoolByRoute.freeEntry(ConnPoolByRoute.java:457) [http-nio-8080-exec-2] Pooling connection [s->https://KEYCLOAK_HOST:443][null]; keep alive indefinitely
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,782 [DEBUG] ConnPoolByRoute.notifyWaitingThread(ConnPoolByRoute.java:678) [http-nio-8080-exec-2] Notifying no-one, there are no waiting threads
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,783 [ERROR] OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:337) [http-nio-8080-exec-2] failed to turn code into token
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,783 [ERROR] OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:338) [http-nio-8080-exec-2] status from server: 400
2019-01-11T12:03:21.78+0100 [APP/PROC/WEB/0] OUT 2019-01-11 12:03:21,783 [ERROR] OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:340) [http-nio-8080-exec-2]    "error":"invalid_grant","error_description":"Incorrect redirect_uri" 

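【Question discussion】:

【Answer 1】:

You need to configure your client correctly. Go to Keycloak, open your client configuration, and set the allowed redirect URLs.

See this post here: keycloak Invalid parameter: redirect_uri

【Discussion】:

Yes, I know. The login mask works fine, but the code-to-token request does not. The problem is that I cannot see the Keycloak configuration. It is a service provided by a different department.

I got the same error message, but that was because I had accidentally double-encoded the redirect_uri value in the POST to the token endpoint. Other OpenID Connect IdPs did not complain about this, but Keycloak does. However, looking at your logs above, that does not seem to be the issue for you.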
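
Added example, not part of the original thread: RFC 6749 section 4.1.3 requires the redirect_uri sent to the token endpoint to be identical to the one sent in the authorization request. The Python code below extracts both values from the two logged requests, decodes each exactly once, and reports any difference, including the double encoding described in the last comment; the function names are hypothetical and CODE is a constructed placeholder for the long code value.

```python
from urllib.parse import urlsplit, unquote

# Values copied from the two requests in the log above; the long code value is
# replaced by the constructed placeholder CODE, and APP_HOST, KEYCLOAK_HOST and
# CLIENT_ID are the placeholders the log already uses.
AUTH_URL = (
    "https://KEYCLOAK_HOST/auth/realms/kums/protocol/openid-connect/auth"
    "?response_type=code&client_id=CLIENT_ID"
    "&redirect_uri=https%3A%2F%2FAPP_HOST%2Fkeycloak%2F?"
    "&state=5dc5b208-6093-4d1b-b9ed-c9d2091a306f&login=true&scope=openid"
)
TOKEN_BODY = (
    "grant_type=authorization_code&code=CODE"
    "&redirect_uri=https%3A%2F%2FAPP_HOST%2Fkeycloak%2F"
    "&client_session_state=FE94EAFFC87674ED70E0C1EC543CFBAE"
)


def raw_param(query, name):
    """Return the still-encoded value of `name` from a query string or form body."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    raise ValueError(f"{name} not present")


def decode_once(raw):
    """Apply exactly one pass of form decoding, as the receiving server does."""
    return unquote(raw.replace("+", " "))


def looks_double_encoded(raw):
    """True if escapes for ':' or '/' survive one decoding pass."""
    once = decode_once(raw).upper()
    return "%3A" in once or "%2F" in once


def compare_redirect_uris(auth_url, token_body):
    """Decode both redirect_uri values once and report how they differ."""
    auth_raw = raw_param(urlsplit(auth_url).query, "redirect_uri")
    token_raw = raw_param(token_body, "redirect_uri")
    auth_uri, token_uri = decode_once(auth_raw), decode_once(token_raw)
    findings = []
    if looks_double_encoded(auth_raw) or looks_double_encoded(token_raw):
        findings.append("a redirect_uri value is percent-encoded twice")
    if auth_uri != token_uri:
        findings.append(f"not identical: {auth_uri!r} vs {token_uri!r}")
        if auth_uri.rstrip("?") == token_uri.rstrip("?"):
            findings.append("the values differ only by a trailing '?'")
    return auth_uri, token_uri, findings


if __name__ == "__main__":
    for finding in compare_redirect_uris(AUTH_URL, TOKEN_BODY)[2]:
        print(finding)
```

On the logged values, the authorization request carries https://APP_HOST/keycloak/? while the token request carries https://APP_HOST/keycloak/, so the two strings are not identical.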
