Invalid code after "Back to Application" on password reset page

On our SPA login page, we have a button “Rest Password” that redirects the user to the Keycloak reset-credentials page:

window.location.href = `${kcConfig.url}/realms/${kcConfig.realm}/login-actions/reset-credentials?client_id=${kcConfig.clientId}&kc_locale=${user.locale}`;

(Note that there is no tab_id or other session information)

The reset-credentials flow works fine. However, on the initial reset-credentials page (choose user) there is a link Back to Application that is generated with the template file login-reset-password.ftl that uses the ${url.loginUrl}. When the user clicks it, (s)he is redirected to page

AUTH_SERVER/realms/REALM/login-actions/authenticate?tab_id=z0KSQClA1AE

This page shows the invalidCodeMessage / INVALID_CODE error.

Ideally I would like to configure the desired (e.g. ${client.baseURL}/login) via the Keycloak client, because it should link to the login page within that client. As a quick fix we hard-coded the URL in the template file and also we could generate that file with the desired hard coded URL, but it would be much easier and straight forward to configure it for the realm/client. Also it would be fine if we can make the Keycloak login page work for that case.

The client has configured valid

  • Base URL
  • Redirect URIs
  • Web Origins

And has not set

  • Root URL
  • Admin URL
    (I tried setting them, but this does not resolve the issue)

I also tried setting the Frontend URL of the realm, but nothing changes while other problems arise.

  1. Is it possible to configure the client/realm in such way that the original template uses a link to the client? (Just the baseUrl (without the /login path would be fine as well).

  2. If not possible, then it would also be fine to redirect to the Keycloak’s login page (but it currently shows the INVALID_CODE error - how can we fix it?).

  3. If not possible, we would stick to overwriting the template, but I then would like to know how I can obtain the client’s base url from the template? I was not able to find out :grimacing:

Thank you very much for your support!

Hi Tikko,

I’m having the same problem. Did you find a solution?

TIA,
Sannon