Sorry if this is a dumb question, but I've spent 2 days on something that should be simple and have no clue why it doesn’t work:
I’m configuring Keycloak as IdP and access provider, i.e. I want the login form to make it possible to log in using a “built-in” account as well as using an external IdP. I’ve added the Google Identity Provider to my realm and configured it with G. client id, secret and redirect uri. I added a client of “OpenID Connect” type to the realm.
All of the above works like a charm when I log in as a “built-in” user.
No matter how I do the additional configuration, I always get “Invalid format of the code” when trying to get the id and access token for this client from Keycloak when logging in with Google.
The integration with Google is OK, as I can log in to Google and can see the code posted back to the Keycloak endpoint http://localhost:8080/realms/here-my-realm/broker/google/endpoint
The problem, as far as I can see, is that Keycloak doesn’t exchange Google’s code for Google’s tokens but tries to exchange Google’s code for its own token directly:
which obviously can’t work.
Apparently, the loop to exchange Google’s code for Google’s token, log in the user and emit the Keycloak code is missing.
My impression was that when choosing the Google-specific IdP I don’t have to configure anything else, but maybe I’m wrong: Post login flow is empty for this IdP?
The integration with Google is OK, IMO, as I can log in to Keycloak console via Google with this setup.
So, maybe it is a matter of using Postman? But it fails when using Insomnia too…
The setup is done on the latest Quarkus image.
Any help appreciated!