
I'm running an application that is protected by Keycloak-proxy. A user comes into my application through a third-party application that is using OIDC. Because of that, my login URL becomes

(keycloak_login_url)?response_type=code&client_id=(client)&redirect_uri=https%3A%2F%2F(my_app_url)/oauthserver/oauth/authorize?response_type%3Dcode%26client_id%3(third_party_client)%26redirect_uri%3Dhttps%253A%252F%252F(third_party_oauth_url)%26oAuthLogin%26state%3D(state_from_third_party)&state=(state_from_keycloak)&login=true&scope=openid+read 

After I log in to Keycloak through this URL, it redirects me to

https://(my_app_url)?response_type=code&client_id=(third_party_client)&redirect_uri=https%3A%2F%2F(third_party_oauth_url)&state=(state_from_third_party)&state=(state_from_keycloak)&session_state=(keycloak_session_state)&code=(keycloak_token_code)

and because of the two state parameters, the server treats the URL as invalid and throws "bad request". If I remove all the parameters after the redirect_uri, it redirects fine. How should I handle this issue?

john kim
  • The redirect_uri contains two `state` params; that may be the reason for the bad request error. https://stackoverflow.com/questions/24059773/correct-way-to-pass-multiple-values-for-same-parameter-name-in-get-request – rckrd Dec 29 '18 at 12:27
  • Also: keycloak URL contains two `redirect_uri` params. It looks like an issue in your configuration. Please add your configuration and more details about "keycloak proxy". FYI jboss/keycloak-proxy is deprecated in favor of keycloak-gatekeeper. – Jan Garaj Dec 29 '18 at 18:47
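
An added example, not part of the original question or comments: a small Python diagnostic that reproduces how the second `state` ends up on the callback and flags repeated query parameters. Host names, paths and values are constructed placeholders; the only behaviour assumed is that an authorization server retains the query already present in `redirect_uri` and appends its own `code` and `state` (RFC 6749, section 3.1.2).

```python
from collections import Counter
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit


def append_auth_response(redirect_uri, code, state):
    """Mimic the authorization server's redirect back to the client: the query
    already present in redirect_uri is kept and code/state are appended."""
    parts = urlsplit(redirect_uri)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += [("state", state), ("code", code)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def param_values(url, name):
    """Return every value carried by query parameter `name`, in order."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for key, value in pairs if key == name]


def duplicate_params(url):
    """Return the sorted names of query parameters that occur more than once."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    counts = Counter(key for key, _ in pairs)
    return sorted(key for key, count in counts.items() if count > 1)


# Constructed sample: the redirect_uri is the third party's own authorize
# request against the application, so it already carries a `state`.
NESTED_REDIRECT_URI = (
    "https://app.example/oauthserver/oauth/authorize"
    "?response_type=code&client_id=third-party"
    "&redirect_uri=" + quote("https://third.example/cb", safe="")
    + "&state=tp-state"
)
# Constructed contrast (hypothetical path): a redirect_uri with no query.
PLAIN_REDIRECT_URI = "https://app.example/oauth/callback"

nested_callback = append_auth_response(NESTED_REDIRECT_URI, "kc-code", "kc-state")
plain_callback = append_auth_response(PLAIN_REDIRECT_URI, "kc-code", "kc-state")

if __name__ == "__main__":
    for url in (nested_callback, plain_callback):
        print(url)
        print("  duplicated:", duplicate_params(url))
        print("  state values:", param_values(url, "state"))
```
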

0 Answers