Login/Register
Missing parameter code_challenge_method
Asked Answered
Solved oauth-2.0keycloakkeycloak-rest-api
D

2

7

I'am learning oauth 2.0 and used keycloak as authorization server.whenever I'am sending following request:-

http://localhost:7070/auth/realms/developer/protocol/openid-connect/auth?client_id=tcs&response_type=code&scope=openid profile&redirect_uri=http://localhost:8080/callback&state=zxczczxc232

I got error given below:-

http://localhost:8080/callback?error=invalid_request&error_description=Missing+parameter%3A+code_challenge_method&state=zxczczxc232
Disbursement answered 13/12, 2021 at 9:16 Comment(0)
G
17

keycloak has PKCE enabled and because of that, you as a client must send a code_challenge as part of the initial authentication request.

What you need to do is to:

  1. Generate a random value (code_verifier)
  2. Calculate the hash of that value (code_challenge)
  3. Send the code_challenge in your initial auth request
  4. Send the code_verifier when you later ask for the tokens

Like this picture shows below:

enter image description here

Gaze answered 13/12, 2021 at 9:55 Comment(3)
how to disable PKCE?Disbursement
To disable PKCE , see the documentation here keycloak.org/docs/latest/server_admin/#advanced-settings But, today you should learn and use PKCE, as it is best practice to use... and its not that complicated.Gaze
This is actually a good answer. This is extremely easy to set up and you shouldn't disable PKCE. It's just sending a hashed secret over to verify the returned handshake.Derman
F
4

I have counter same problem and my solution is: Step to fix is: Clients task -> Choose your client -> Advance Setting -> Go to selection box: Proof Key for Code Exchange Code Challenge Method -> Make it empty(not select any thing) And you don't need to provide parameter code_challenge_method

Filmy answered 19/7, 2022 at 9:56 Comment(2)
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.Ozenfant
Maybe a little terse, but this answer really made my day. Thank you.Palimpsest

© 2022 - 2024 — McMap. All rights reserved.