Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue creating a new user: invalid_grant #129

Open
john-gom opened this issue Nov 25, 2024 · 3 comments
Open

Issue creating a new user: invalid_grant #129

john-gom opened this issue Nov 25, 2024 · 3 comments
Assignees
@john-gom
Labels
User creation

Comments

@john-gom
Copy link
Collaborator

john-gom commented Nov 25, 2024
edited
Loading

Created a new user. Email was generated although no logo showing:

Image

On clicking like get invalid_grant error:

Image

Saw the following in the Keycloak logs:

2024-11-25 11:53:01,602 WARN  [org.keycloak.events] (executor-thread-1) type="CODE_TO_TOKEN_ERROR", realmId="793a2761-1af2-44e1-a0b8-cc37a030a2af", realmName="open-products-facts", clientId="ProductOpener", userId="null", sessionId="2267b116-7eb8-4443-9545-a53e3ab3a881", ipAddress="10.1.0.119", error="invalid_code", grant_type="authorization_code", code_id="2267b116-7eb8-4443-9545-a53e3ab3a881", client_auth_method="client-secret"
2024-11-25 11:53:02,583 WARN  [org.keycloak.events] (executor-thread-1) type="RESTART_AUTHENTICATION_ERROR", realmId="793a2761-1af2-44e1-a0b8-cc37a030a2af", realmName="open-products-facts", clientId="ProductOpener", userId="null", ipAddress="143.159.185.247", error="expired_code", restart_after_timeout="true"

In clicking link again get message:

Image

2024-11-25 11:56:06,123 WARN  [org.keycloak.events] (executor-thread-1) type="VERIFY_EMAIL_ERROR", realmId="793a2761-1af2-44e1-a0b8-cc37a030a2af", realmName="open-products-facts", clientId="ProductOpener", userId="6f004386-c7ea-432f-94cf-f247b0859bb3", ipAddress="143.159.185.247", error="email_already_verified", auth_method="openid-connect", token_id="c131f160-da5b-4c82-aa02-07ce9d7d657f", action="verify-email", response_type="code", redirect_uri="https://auth.openfoodfacts.org/realms/open-products-facts/account/", remember_me="false", code_id="545d745a-10e5-4f94-8cb1-b74590d0cf56", email="[email protected]", response_mode="query"
@john-gom
Copy link
Collaborator Author

Tried again with a new user and was OK. Might be because I was re-using a user id where the user.sto file already existed

@john-gom john-gom moved this from First release to Done in Revamping auth across Open Food Facts Nov 26, 2024
@john-gom john-gom reopened this Jan 6, 2025
@john-gom john-gom moved this from Done to First release in Revamping auth across Open Food Facts Jan 6, 2025
@john-gom
Copy link
Collaborator Author

john-gom commented Jan 6, 2025

Based on feedback from Alex this message appears on the original browser tab that launched keycloak in the first place, not the tab that is opened from the validate email link.

@john-gom
Copy link
Collaborator Author

john-gom commented Jan 7, 2025

It looks like the OIDC callback page gets redirected to with the following parameters: error=temporarily_unavailable&error_description=authentication_expired

I think it would be safe to re-trigger the authentication flow at this point as Keycloak would have stored a session cookie for the user so they would be logged in automatically.

@john-gom john-gom moved this from First release to In progress in Revamping auth across Open Food Facts Jan 8, 2025
@john-gom john-gom self-assigned this Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@john-gom john-gom

Labels
User creation
Projects
Revamping auth across Open Food Facts
Status: In progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@teolemon @john-gom