40

I am calling /auth/realms/master/protocol/openid-connect/token to get an access token by sending the content below in the body: grant_type=password&client_id=example-docker-jaxrs-app&username=user&password=password&client_secret=1d27aedd-11c2-4ed2-97d5-c586e1f9b3cd

But when I set Update Password as a required action on the user from the Keycloak admin console, I get the following error when I try to get a token through the above-mentioned API:

{
    "error": "invalid_grant",
    "error_description": "Account is not fully set up"
}

One more thing: what is the difference between the two settings, Temporary password and the Update Password required action?

Temporary flag here in users credential tab

Update password as required action in user details tab

v.ladynev
Shailesh Narkhede

4 Answers

65

If you mark the password as temporary, a user action to update the password is marked as required.

And until the password has been updated/set by the user, i.e. this action has been completed, you won't be able to get an access token using this user, since the account is not "fully set up" and is in a kind of intermediate state where an action is required to complete the setup.

ritesh.garg
  • 2
    Thanks for the reply. Then how can somebody validate the username/password the first time? I do not want to use the Keycloak screen; I have our own login page, and we are using the /token API for validating the username/password. – Shailesh Narkhede Mar 06 '17 at 04:35
  • 1
    You can avoid marking the password as temporary. No required action will be added to the user profile and the credentials can be used to get a token – ritesh.garg Mar 06 '17 at 05:07
  • 1
    @ShaileshNarkhede have you found any solution? If yes, would you mind sharing it with us? Thanks in advance – Aliy Mar 06 '19 at 13:17
  • 2
    As said in the above comment, do not mark the password as temporary; then updateAction will not get added and the access token is returned. – Shailesh Narkhede Mar 08 '19 at 03:56
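An added example, not part of the original question or answers: one way a custom login page that calls the token endpoint could tell the "Account is not fully set up" reply apart from other failures. The function names, state labels and sample replies are assumptions constructed for illustration; only the endpoint path, the form fields and the error JSON come from the question.

```python
import json
from urllib.parse import urlencode

# Path form used in the question; the realm is a parameter here.
TOKEN_PATH = "/auth/realms/{realm}/protocol/openid-connect/token"
# error_description text quoted in the question.
NOT_SET_UP = "Account is not fully set up"


def build_password_grant(realm, client_id, client_secret, username, password):
    """Return (path, form-encoded body) for the password grant from the question."""
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,  # pass in from config, never from user input
        "username": username,
        "password": password,            # urlencode escapes '&', '=' and similar
    })
    return TOKEN_PATH.format(realm=realm), body


def classify_token_response(status, raw_body):
    """Map a token-endpoint reply to a state the login page can act on (labels are hypothetical)."""
    try:
        doc = json.loads(raw_body)
    except ValueError:
        return "unexpected"
    if not isinstance(doc, dict):
        return "unexpected"
    if status == 200 and "access_token" in doc:
        return "authenticated"
    if doc.get("error") == "invalid_grant":
        # A required action (such as Update Password) is still pending on the user.
        if doc.get("error_description") == NOT_SET_UP:
            return "required_action_pending"
        return "rejected"
    return "unexpected"


if __name__ == "__main__":
    # Constructed sample replies; the first mirrors the error shown in the question.
    pending = '{"error": "invalid_grant", "error_description": "Account is not fully set up"}'
    print(build_password_grant("master", "example-client", "PLACEHOLDER", "user", "p&ss=word"))
    print(classify_token_response(400, pending))
    print(classify_token_response(200, '{"access_token": "constructed.sample.token"}'))
```

On "required_action_pending" the login page can send the user to a password-change step instead of reporting a bad password.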
6

If you want to update the password, then update it and do not mark it temporary. If you mark it temporary, then after that just remove Update Password from the Required Actions box.

Guest
0

I have the same problem with LDAP user federation. I reviewed some tables of SSO, deleted the data from user_required_action and cleared the user cache, and it works.

pumajd
0

Reset your password, then click on the cross symbol (x) on Update Password in the Required User Actions box, and then save the user details. It will work.