Keycloak 9 - Login fails with code to token exchange error unless logging in using incognito mode

Hello everyone,

I have a Keycloak deployment running in a Kubernetes cluster with 2 pods in HA mode. Everything was working fine until one day we had one user that couldn't log in because of CODE_TO_TOKEN_ERROR. We tried everything from restarting the pods to clearing the browser cache, but nothing worked until we tried logging in to Keycloak using incognito mode. Magically, after we did that, all subsequent logins started to work normally (including non-incognito mode).

We know that the issue is gone, but we really want to know why it happened. It seems like Keycloak had some blocking data that prevented the authentication from happening, and the browser incognito mode freed that data.

Any input from the community on this case would be much appreciated. Thank you 🙂

I would say Keycloak logs are your good friend. Filter errors, backtraces, … That error very likely also has a description with more details. Blind guess: problem with infinispan cache/cluster. It also looks like you have a sticky session on the LB.