At least since Keycloak 19.0.3 (most probably since 19.0.0) our Application Initiated Action (AIA) links case a HTTP 400 Bad Request with a “Invalid parameter: redirect_uri” message.
The links have the form described in Application Initiated Actions:
https://keycloak.example.com/realms/realm/protocol/openid-connect/auth?
response_type=code&
client_id=web_app&
scope=openid%20profile%20email&
redirect_uri=https://app.example.com/userprofile&
kc_action=UPDATE_PASSWORD
They worked in Keycloak 18.0.2 and before.
Removing the redirect_uri parameter causes the same error.
How do AIA links have to look in Keycloak 19 to work properly?