LOGIN_ERROR: ... clientId=null, userId=null....., error=invalid_code

Hi,
I knew that some people cannot log in keycloak. I found in the log file this error:

16927:2020-03-16 12:15:48,621 WARN [org.keycloak.events] (default task-760) type=LOGIN_ERROR, realmId=test, clientId=null, userId=null, ipAddress=…, error=invalid_code

I can’t find a solution by google and I don’t understand because of that.
Does anyone have an idea?
Thanks,

Michela

2 Likes

Hi,

I’m getting the same issue with Keycloak 9.0.2.
16:44:29,236 WARN [org.keycloak.events] (default task-5) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=89.35.196.164, error=expired_code, restart_after_timeout=true, authSessionParentId=bd1ed448-cd12-4884-b3a0-e8e446af09eb, authSessionTabId=7fky2Ttp-X8

Any reason?

Thanks
Dinuth

Yours just looks like the login session was left as is for too long leading the access token to expire and prompting a restart of the session. Are you sure you’re getting this everytime you try to login?

I’m not sure about the original error posted.

I’m also experiencing this “userId=null” since last monday. Did any of you found an explanation?

I’m getting logs like:

type=LOGIN_ERROR, realmId=XXX, clientId=XXX, userId=null, ipAddress=XXXXXXXXXXX, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, response_type=code,

I also found some errors about FB OAuth authentication:

2020-04-23 11:37:56,101 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-8) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access token available in OAuth server response: {“error”:{“message”:“This authorization code has been used.”,“type”:“OAuthException”,“code”:100,“error_subcode”:36009,“fbtrace_id”:“AGiesgtv1lOhK1fakT8lis8”}}

Is that anway connected? We are running KC 9.0.0

@Mariusz

It looks like the login failed because of the wrong credentials. Is there a user with that credentials available in your realm?

The FB OAuth error looks like a used auth orization code. But I don’t have a lot of experience with the FB Login Method.

Best Regards,
Johannes

Hi @haeussler247, we found out that those errors (and many more) were caused by broadcasting method, we used UDP instead of TCP, and our ACC environment was interfering with PROD servers. After change from UDP to TCP all is fine.

Perfect,
I’m happy to hear everything is fine now.

Best Regards
Johannes

Hi All!
I have the same issue, i already try change the UDP to TCP, and still not working…


any advices?
thanks!

In my case the clientId had a minus inside:

my-client-id

Removing it solved the problem

Hi @formicheedintorni,

How have you solved the problem?
I am stuck at the same point, any advice would be really appreciated.

Thanks,
Burc

Hi All,

I have overcome the following error by adding Keycloak URL to trusted sites in the security settings of internet explorer. I hope it can help someone who faces the same issue.

16927:2020-03-16 12:15:48,621 WARN [org.keycloak.events] (default task-760) type=LOGIN_ERROR, realmId=test, clientId=null, userId=null, ipAddress=…, error=invalid_code

Kind Regards,
Burchan

The issue I had was using https://foo.com:443/auth as KEYCLOAK_FRONTEND_URL. Replacing by https://foo.com/auth fixes the problem.

1 Like

Hi,
I cannot log in keycloak. I found in the log file this error:

2024-03-26 15:56:21,009 WARN [org.keycloak.events] (executor-thread-25) type=“LOGIN_ERROR”, realmId=“48f8dcbb-5a63-46ce-8a1e-93cd184f7ea9”, clientId=“SpringBootDev”, userId=“null”, ipAddress=“…”, error=“user_not_found”, auth_method=“openid-connect”, auth_type=“code”

I can’t find a solution by google
Does anyone have an idea?
Thanks,
Geetha

Hello guys. I still have this problem:

WARN [org.keycloak.events] (executor-thread-319) type=“LOGIN_ERROR”, realmId=“XXX”, clientId=“XXX”, userId=“null”, ipAddress=“XXX”, error=“invalid_user_credentials”, auth_method=“openid-connect”, auth_type=“code”, response_type=“token”

but when I generate the link (redirect happen after link click) it has both client_id (and in fact it appears in the log) but also user_id (but strangely it is null). Does anyone have any ideas?

Hello, guys! Please check to see if theres any problems with the Cookies. You may have samesite=strict cookie policy set and if you try to login from within an iframe that will not work.

Hi @TaridaGeorge ,

Where I have to set this settings . in keycloak or browser?

thanks.